It’s been just over a year since Google and Yahoo began enforcing email security requirements to combat spam and phishing. Now, Microsoft is following suit, announcing similar requirements for incoming mail to the Outlook.com platform.
These changes highlight an ongoing shift in the email landscape, and organizations sending any amount of email should take immediate action to ensure security compliance for email deliverability.
What policies are required?
All organizations:
- Implement SPF and DKIM policies to verify the sender’s identity.
- Define a DMARC policy that leverages SPF and DKIM.
Organizations sending at least 5,000 emails a day:
- Include an easy unsubscribe option with a clear, one-click unsubscribe link in all promotional emails.
- Maintain a low spam rate (below 0.1% ideally, but not above 0.3%)
Microsoft’s Outlook.com requirements mirror the approach taken by Google and Yahoo last year. When enforcement begins in May, non-compliant messages will be routed to users’ Junk folders, but will eventually be rejected.
What should organizations do?
To avoid deliverability issues, organizations should ensure that their SPF, DKIM, and DMARC records are accurate and that they are complying with best practices, including compliant sender addresses, functional unsubscribe links, and transparent mailing practices.
- Review SPF and DKIM records for all outgoing mail services.
- Set up DMARC to monitor deliverability reports.
- Slowly increase the DMARC policy to “quarantine” and “reject” to thwart attempts by scammers to impersonate your domain.
- Confirm any bulk email has a clear unsubscribe link for recipients to opt out.
- Monitor your spam rates to maintain a good sending reputation.
These changes by Google, Yahoo, and now Microsoft highlight the increasing importance of email security. Taking steps to comply with these requirements will help protect your organization’s reputation, improve email deliverability, and ensure that your messages reach recipient inboxes now and in the future.
For a free consultation and written estimate, call 646-274-0933 or email info@macktez.com.
Macktez Domain Management enhances organizational security by managing domain and DNS settings to fortify email and web security, minimizing the risk of domain-based attacks, and verifying the authenticity of outbound messages. If you’d like to learn more, schedule a meeting.