Introduction

In an era where email remains one of the most widely used tools for personal and business communications, Outlook is stepping up its commitment to protect inboxes and preserve trust in the digital ecosystem. Today, we’re announcing new requirements and best practices designed to strengthen email authentication for domains sending more than 5,000 emails per day. 

These new requirements will enforce stricter standards by including mandatory SPF, DKIM, DMARC settings. Outlook is pushing the broader industry toward best practices and safeguarding the millions of individuals and small businesses that rely on us every day. These measures will help reduce spoofing, phishing, and spam activity, empowering legitimate senders with stronger brand protection and better deliverability. 

Outlook has always prioritized user safety and reliability; we’re proud to further invest in this solution that will keep our customers safe and reinforce the best practices across the industry. We believe that by raising the bar for large senders, we can inspire lasting change that benefits everyone. 

What’s Changing?

For domains sending over 5,000 emails per day, Outlook will soon require compliance with SPF, DKIM, DMARC. Non‐compliant messages will first be routed to Junk. If issues remain unresolved, they may eventually be rejected. Senders will soon start requiring compliance with the following requirements: 

1. SPF (Sender Policy Framework)
   • Must Pass for the sending domain.
   • Your domain’s DNS record should accurately list authorized IP addresses/hosts.
2. DKIM (DomainKeys Identified Mail)
   • Must Pass to validate email integrity and authenticity.
3. DMARC (Domain-based Message Authentication, Reporting, and Conformance)
   • At least p=none and align with either SPF or DKIM (preferably both).

Learn more about email authentication here.

Additional Email Hygiene Recommendations

Large senders should also adopt these practices to maintain quality and trust:

• Compliant P2 (Primary) Sender Addresses: Ensure the “From” or “Reply‐To” address is valid, reflects the true sending domain, and can receive replies. 

• Functional Unsubscribe Links: Provide an easy, clearly visible way for recipients to opt out of further messages, particularly for marketing or bulk mail. 

• List Hygiene & Bounce Management: Remove invalid addresses regularly to reduce spam complaints, bounces, and wasted messages. 

• Transparent Mailing Practices: Use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages. 

Outlook reserves the right to take negative action, including filtering or blocking—against non‐compliant senders, especially for critical breaches of authentication or hygiene. 

Enforcement Timeline

Starting today, we encourage all senders and particularly those that send at high volume to review and update their SPF, DKIM, and DMARC records, in preparation for when the enforcement begins, starting in May. 

After May 5th, 2025, Outlook will begin routing messages from high volume non‐compliant domains to the Junk folder, giving senders an opportunity to address any outstanding issues. NOTE: that in the future (date to be announced), non-compliant messages will be rejected to further protect users.   

Next Steps

• Prepare Now: Audit your DNS records (SPF, DKIM, DMARC) and verify you meet all the requirements. To view the authentication header, visit this. To learn how to read authentication headers, click here. 

• Stay Informed: We’ll provide updates on official rollout schedules, and dates for when rejection actions will begin through a blog post. 

• Join Our Mission: Embracing better authentication and hygiene not only benefits your deliverability but also helps protect the entire email ecosystem. 

For additional resources or support, visit sender support. Thank you for partnering with us to make email a more secure, transparent, and trusted channel for everyone.