Starting from 5 May 2025, Microsoft鈥檚 Outlook.com email service has begun enforcing stricter rules for bulk senders. This applies to anyone sending over 5,000 emails per day to addresses ending in outlook.com, hotmail.com or live.com. These emails must now pass 3 technical checks: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance).
These tools work together to confirm whether the sender is genuine. SPF checks if the email is coming from an approved server. DKIM signs each message so recipients can verify it hasn鈥檛 been changed. DMARC ties everything together by ensuring the 鈥淔rom鈥 address matches the records in SPF or DKIM. If these steps are skipped or misconfigured, the email won鈥檛 just be marked as spam鈥 it will be rejected outright.
This change follows years of Microsoft warning about rising spam and phishing attacks. Until now, Outlook had been routing unverified emails to the junk folder. Now, those messages will bounce back with a clear error message explaining why.
Why Are Marketers And Publishers Under Pressure?
Many businesses depend on bulk email for newsletters, product updates, event invites, and marketing campaigns. Under these new rules, that model becomes much harder to manage without proper technical setup. Even well-intended campaigns could be blocked if the sender hasn鈥檛 configured everything correctly.
Third-party tools like Mailchimp or HubSpot won鈥檛 automatically solve the problem either. If the sender鈥檚 domain hasn鈥檛 been correctly linked through SPF and DKIM, Outlook won鈥檛 let those messages through. That means businesses now have to work closely with their IT teams or vendors to adjust their domain settings. Even something as small as too many 鈥渋nclude鈥 lines in an SPF record could cause rejection due to a technical limit on DNS lookups.
Outdated mailing lists are another trap. If a business continues emailing invalid addresses or keeps people on a list who never agreed to be contacted, Outlook could penalise them. Bounce rates may rise, deliverability may drop, and eventually, their domain could lose credibility across email networks.
More from News
- What Do The April 2026 ONS Market Figures Mean For UK Businesses?
- FinanceWire And Symex Global Partner To Boost PR And IR Reach For Euronext Paris Companies
- Could You Be Answering A Normal Call When It鈥檚 Actually A Deepfake?
- Do People Trust AI More Than They Trust Humans?
- Power Costs Are Causing 1 In 5 UK Firms To Move Overseas
- What Will Happen If EU Regulators Win At Getting Google To Share Its Data?
- Uber Eats Makes Influencers Central To Its UK Growth Strategy
- It Sounds Ridiculous, So Why Is Allbirds鈥 AI Pivot Actually Working?
What Else Should Businesses Do To Stay Compliant?
Microsoft has also encouraged businesses to clean up their practices beyond the basic checks. A clear 鈥渦nsubscribe鈥 link is now essential, especially in promotional emails. Mailing addresses should be monitored regularly, and outdated or inactive contacts should be removed to avoid triggering spam filters. Subject lines must reflect the actual content of the email, and misleading headers should be avoided.
The changes also show the need for transparency. Businesses should only contact people who have agreed to receive their emails. Anything that feels like spam, even if technically compliant, risks being marked as such by users.
If a company鈥檚 emails are frequently reported as spam, even after passing all the new checks, that could still damage their reputation. Microsoft has made it clear that passing technical filters is only part of the picture. Users still control their inboxes, and complaints will continue to influence filtering systems.
How Could This Affect Different Types Of Businesses?
Smaller businesses may feel the strain if they don鈥檛 have technical staff to manage DNS records. Marketing teams that rely on plug-and-play email services might not even realise their campaigns are failing until responses drop or error messages appear. Publishers who send daily news roundups or updates to subscribers will need to adjust quickly to keep reaching their audiences.
Even for companies that do everything right, there鈥檚 no grace period. Microsoft has removed the previous buffer where non-compliant messages were quietly filtered to junk. Now, emails that don鈥檛 follow the rules will never be delivered. This could cause communication breakdowns, missed invoices, or poor customer service if alerts don鈥檛 get through.
While enterprise users are not currently affected, Microsoft has said these changes could eventually apply across all accounts. That raises the pressure on organisations to fix things now, rather than wait.
What Else Should Businesses Do?
Companies sending more than 5,000 emails per day should review their domain鈥檚 DNS records immediately. SPF entries need to be accurate and not overly complex. DKIM must be switched on and signing all outgoing messages. DMARC must be aligned with either SPF or DKIM and should gradually move toward a stricter policy like 鈥渜uarantine鈥 or 鈥渞eject鈥 to limit abuse.
Mailing lists should be audited, unsubscribe links tested, and replies monitored. Microsoft has made clear that there won鈥檛 be exceptions, and safe sender lists will not help. Businesses that treat this as an afterthought could find their messages blocked, even if their emails are well-meaning and professionally crafted.
All in all, this is an opportunity for businesses to take email hygiene seriously. Those who do will likely continue reaching their customers. Those who don鈥檛 may find themselves locked out of inboxes entirely.
