Microsoft Outlook will require DMARC starting in May 2025
- Matteo
Microsoft has announced that starting on 5 May 2025 new stricter requirements will apply to email sent by bulk senders to Outlook addresses.
The new rules apply to all domains sending more than 5,000 emails per day to Outlook addresses, meaning email addresses ending with `outlook.com`, `live.com`, and `hotmail.com`. For now, Microsoft 365 addresses are not part of this change.
The stricter requirements are very similar to those already applied by Gmail and Yahoo in 2024.
In this article, we’ll take a close look at the new requirements and the best ways to ensure compliance.
- If you send more than 5,000 emails per day, this change will likely affect you. If you don’t, Microsoft still recommends following the guidelines.
- Microsoft requires that SPF and DKIM are configured. DMARC is also required and DMARC alignment must be achieved to stay out of the junk folder, even if the enforcement policy may be `none`.
- To comply with these requirements, set up DMARC reporting to find all your sending sources. Use a reporting tool like DMARCwise to analyze your email setup.
Who’s affected
Every domain that sends more than 5,000 email messages per day is affected by the new rules.
Microsoft didn’t provide specific details on how to calculate the threshold value (like Google did), so here’s what we can infer so far:
- The new rules apply only to Outlook consumer addresses, like those ending with `outlook.com`, `live.com`, and `hotmail.com` (and national variants), therefore we can assume that the 5,000 messages threshold only applies to these recipients.
- Email sent to domains hosted on Microsoft 365 is excluded from this change.
- Presumably, subdomains will count towards the main domain, e.g. sending from `newsletter.dmarcwise.io` will likely count towards the domain `dmarcwise.io`.
What are the requirements
Affected domains are required to be compliant with the following rules:
- SPF must be configured and pass.
- Email messages must be signed with valid DKIM signatures.
- Either SPF or DKIM must be aligned with the `From` domain.
- DMARC must be set up, although a `p=none` policy is enough.
Initially, starting on 5 May 2025, non-compliant messages will be routed to Outlook’s junk folder.
In the future (date not yet announced), Outlook will start rejecting non-compliant email messages.
Note that Microsoft clearly states that asking recipients to add senders to the “Safe Sender list” doesn’t bypass these requirements.
Additional recommendations
Microsoft also published additional recommendations for large senders. Specifically:
Compliant P2 (Primary) Sender Addresses: Ensure the “From” or “Reply‐To” address is valid, reflects the true sending domain, and can receive replies.
Functional Unsubscribe Links: Provide an easy, clearly visible way for recipients to opt out of further messages, particularly for marketing or bulk mail.
List Hygiene & Bounce Management: Remove invalid addresses regularly to reduce spam complaints, bounces, and wasted messages.
Transparent Mailing Practices: Use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages.
According to Microsoft, these aspects play a role in Outlook’s spam filter.
How to comply with the new requirements
Before doing anything, it’s a good idea to get a sense of your current email sending setup.
Depending on how complex your setup is, you may:
- Use a mail checker tool that tells you if the email messages that you send comply with the above rules.
- Use a DMARC reporting tool to obtain a list of all the sources that send email from your domain.
(I would tend to avoid tools that try to give you an answer by just giving them your domain name: the fact that you have some DNS records in place doesn’t say much about the actual compliance of the email messages.)
At DMARCwise we provide both tools: for example, you can start a free test below or on our homepage.
Once you have identified the sending sources, you should go through each of them and see if SPF and DKIM are not only configured, but also configured in a way that guarantees DMARC alignment (a requirement for bulk senders).
For example:
- SPF, the mechanism for defining which servers are allowed to send from your domain, is often configured by default by your email service providers, but it’s a good idea to check if they also allow you to enable SPF alignment with a custom Return-Path or custom MAIL FROM.
- Similarly, in the case of DKIM, a cryptographic method to ensure that only those that own a secret key can send emails on behalf of your domain, it’s a good idea to check if your email provider has enabled email signing and find out how to enable custom DKIM signatures.
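To illustrate the step of listing sending sources and checking each one for alignment, here is an added example (not code from DMARCwise or Microsoft) that reads a DMARC aggregate report in the RFC 7489 XML layout and reports, per sending IP, how many messages passed DMARC. The report, domains and IP addresses are constructed placeholders; the second source shows SPF and DKIM both passing for a vendor domain yet failing alignment with the `From` domain.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (RFC 7489 layout), trimmed to the
# fields used below; example.com and the IP addresses are placeholders.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>4200</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>bounce.esp.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>900</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>crm-vendor.example</domain><result>pass</result></dkim>
      <spf><domain>crm-vendor.example</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>"""

def summarize_sources(report_xml):
    """Return {source_ip: stats} with message volume and DMARC passes per source."""
    sources = defaultdict(lambda: {"count": 0, "dmarc_pass": 0, "auth": set()})
    for rec in ET.fromstring(report_xml).iter("record"):
        row = rec.find("row")
        count = int(row.findtext("count"))
        # policy_evaluated holds the *aligned* results; auth_results the raw ones.
        aligned_dkim = row.findtext("policy_evaluated/dkim") == "pass"
        aligned_spf = row.findtext("policy_evaluated/spf") == "pass"
        entry = sources[row.findtext("source_ip")]
        entry["count"] += count
        if aligned_dkim or aligned_spf:  # DMARC needs only one aligned pass
            entry["dmarc_pass"] += count
        for mech in ("dkim", "spf"):
            for res in rec.findall(f"auth_results/{mech}"):
                entry["auth"].add((mech, res.findtext("domain"), res.findtext("result")))
    return dict(sources)

def failing_sources(report_xml):
    """Source IPs that sent at least one message failing DMARC alignment."""
    return sorted(ip for ip, s in summarize_sources(report_xml).items()
                  if s["dmarc_pass"] < s["count"])

if __name__ == "__main__":
    print("sources to fix:", failing_sources(SAMPLE_REPORT))
```

Aggregate reports arrive from third parties, so a production parser should use a hardened XML library such as `defusedxml` and cap the size of decompressed attachments.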
We have many other resources in our Documentation and Learn sections to help you reach DMARC compliance:
Microsoft has published an article explaining the new requirements in detail:
You can also contact us, we’re happy to help!