Microsoft this week warned Microsoft 365 email senders to authenticate outgoing messages, a move prompted by Google’s recent announcement of stricter anti-spam rules for bulk senders.
“By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com,” the Microsoft team said. Defender for Office 365.
“This is especially important when sending bulk email (high-volume email), as it helps maintain the deliverability and reputation of your email campaigns.”
Failure to comply with newly announced email authentication standards may result in emails being rejected or labeled as spam.
Microsoft also warned that the Microsoft 365 service should not be used for mass email sending, as emails that do not follow sending limits will be blocked or sent to special high-risk delivery groups using outbound spam controls built into Microsoft. Exchange Online Protection (EOP).
Those who want to send bulk emails should use their own local email servers or third-party bulk email providers, which will help ensure good email sending practices.
Organizations that want to send mass emails via EOP will need to comply with this outbound spam protection guide:
- Be careful not to exceed the service’s sending limits by sending emails at a high speed or volume. This includes refraining from sending emails to a large list of BCC recipients.
- Refrain from using addresses on your primary email domain as senders of bulk emails, as it may affect the delivery of regular emails from senders within the domain. Instead, consider using a custom subdomain exclusively for bulk email.
- Make sure all custom subdomains are configured with email authentication records in DNS, including SPF, DKIM, and DMARC.
However, Microsoft warned that even “following these recommendations does not guarantee delivery. If your email is rejected as bulk, send it through on-premises or a third-party provider.”
Redmond’s warning was prompted by Google’s announcement that it was introducing new anti-spam guidelines targeting senders of more than 5,000 daily emails to Gmail users.
Starting February 1, 2024, Google will require senders above this threshold to implement SPF/DKIM and DMARC email authentication for their domains. This measure is intended to strengthen defenses against email spoofing and phishing attempts.
Additionally, bulk senders must provide Gmail recipients with a one-click option to unsubscribe from commercial emails and promptly address unsubscribe requests within two days.
As part of these efforts to combat spam, Google said it will also closely monitor spam thresholds and, in cases where abusive mass senders are identified, will mark their emails as spam to protect users from unsolicited messages and potentially harmful.
“If you do not meet the requirements (…), your email may not be delivered as expected or may be marked as spam,” Google warned.