Rydal Group Blog

Premier Technology Solutions reviewed, compared and discussed

Microsoft Email Authentication Changes 2025: What Your Business Needs to Know


By Steffan Dancy, CEO, Rydal Group

From May 2025, Microsoft will tighten its deliverability rules for bulk emailers. These upcoming changes are designed to make the email ecosystem more secure – but they also pose a risk to businesses who aren’t properly set up.

If your domain isn’t configured to meet these new requirements, your emails could be marked as spam, rejected by recipients, or fail to deliver at all. Unauthenticated emails from high-volume domains will start going to junk. Key details of the changes include stricter authentication protocols and enhanced monitoring of email traffic.

In this blog, we’ll explain what’s changing, why it matters, and how Rydal Group can help you stay protected and compliant.

Microsoft, alongside other major providers like Google, has committed to improving email security for email users by enforcing industry-standard protocols that authenticate the origin of your emails. Microsoft 365 and Outlook are at the forefront of these changes, implementing stricter email authentication measures to enhance security and trust in communications.

What’s Changing?

If your business sends large volumes of email and doesn’t have the following in place, you may face deliverability issues:

  • SPF (Sender Policy Framework): Ensures only approved servers can send email on behalf of your domain.
  • DKIM (DomainKeys Identified Mail): Cryptographically signs your emails with a DKIM signature, verifying they haven’t been altered in transit. It is crucial that emails sent from third-party services pass SPF and DKIM checks to ensure their legitimacy.
  • DMARC (Domain-based Message Authentication, Reporting and Conformance): Ties SPF and DKIM together and tells mail servers what to do if authentication fails (e.g. reject or quarantine the message).

Outlook and Microsoft 365 are implementing these changes to ensure that email messages are properly authenticated, reducing the risk of spam and enhancing trust in communications. Google Workspace also plays a significant role in managing email authentication and security measures, particularly in setting up DMARC records and utilising Google Postmaster tools to monitor domain reputation and ensure email deliverability. Emails that have not been properly authenticated may eventually be rejected outright without arriving in inboxes or spam.

These protocols help prevent phishing, spoofing, and unauthorised use of your domain – all of which are becoming more prevalent as cyber attacks grow more sophisticated. A good domain reputation improves inbox placement, lowers bounce rates, and enhances engagement, especially for high-volume domains. It is essential for an organisation to ensure that emails sent are authenticated and secure to protect against phishing and spoofing attacks.

Introduction to Updates

The email landscape is constantly evolving, with new updates and security measures being introduced to protect users from spam and phishing attacks. One such update is the changes to Microsoft’s deliverability rules, which aim to strengthen email security and protect recipients. Setting up an account with tools like Google Postmaster is crucial for managing email authentication and gaining valuable insights.

This update is similar to the new deliverability rules introduced by Gmail and Yahoo! in 2024. To ensure that emails reach their intended recipients, it is essential to understand and comply with these updates. Email authentication, including SPF, DKIM, and DMARC, plays a crucial role in this process. By properly authenticating emails, senders can prevent their messages from being marked as spam messages and improve their overall email deliverability.

Understanding Email Authentication

Email authentication is a crucial process that helps verify the identity of email senders and prevent spam messages from reaching recipients’ inboxes. It involves using various authentication protocols to ensure that emails are properly authenticated and come from a legitimate source. By implementing robust email authentication measures, businesses can significantly reduce spam complaints and ensure that their legitimate emails reach their intended recipients. This not only enhances email deliverability but also builds trust with recipients, ensuring that important communications are not lost in spam folders.

Authentication Protocols

There are several authentication protocols used in email authentication, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC). SPF authentication verifies the IP address of the sender’s server, ensuring that only authorised servers can send mail on behalf of your domain. DKIM authentication uses a digital signature to verify the authenticity of the email, ensuring that it has not been altered in transit. DMARC ties SPF and DKIM together, providing a policy for how to handle emails that fail authentication and offering feedback to the sender. These protocols work in tandem to prevent spam messages and ensure that legitimate emails are delivered to the recipient’s inbox, enhancing overall email security.

Who Do Spam Complaints Affect?

Microsoft’s new enforcement particularly targets high-volume senders — broadly defined as those sending more than 5,000 emails per day. Any domain that sends over 5,000 emails daily needs to ensure proper authentication. However, this doesn’t just affect large organisations.

Even if your business sends regular newsletters, customer updates, automated messages, or uses external marketing platforms (like Mailchimp or HubSpot), these rules can apply. What’s more, if you’re using a third-party service that isn’t properly authenticated on your domain, you may be at risk — whether or not you’re aware of it.

Additionally, using functional reply-to addresses and response addresses is crucial for ensuring successful email delivery and preventing messages from being categorised as spam.

What’s at Stake for Email Security?

If you don’t meet the new requirements, your emails could:

  • Be flagged as spam
  • Go missing altogether
  • Damage your domain’s reputation
  • Jeopardise customer relationships
  • Interrupt operations and revenue

These outcomes aren’t just inconvenient – they can cause serious disruption to day-to-day business. For example, if invoices don’t land in your customers’ inboxes, or your marketing campaigns aren’t seen, you may lose revenue or credibility without realising why. High spam complaints and failure reports can further damage your domain’s reputation, making it crucial to minimise such complaints through targeted and relevant content.

Email authentication brings many benefits, particularly in ensuring that legitimate emails reach inboxes rather than spam folders.

Additionally, ensuring that your emails are authenticated as legitimate messages using protocols like SPF, DKIM, and DMARC is essential to prevent spoofing and ensure successful delivery. Properly authenticated legitimate emails are less likely to be flagged as spam, which helps maintain your domain’s reputation and ensures your messages reach their intended recipients.

Importance of Security Measures

Security measures, such as email authentication, are vital in preventing spam and phishing attacks. These measures help to verify the identity of the sender and ensure that the email is legitimate. By implementing security measures, email providers can protect their users from malicious emails and prevent damage to their reputation. Additionally, security measures can help to prevent email spoofing, which can lead to financial losses and damage to a company’s reputation. It is essential for businesses to prioritise email security and implement the necessary measures to protect their email systems. This includes using domain-based message authentication, reporting, and conformance (DMARC) to prevent email spoofing and phishing attacks.

Moreover, managed deliverability is crucial as a strategy to ensure that emails reach users’ inboxes rather than being filtered as spam.

Why Email Authentication Is a Priority Now

Although Microsoft’s changes won’t be fully enforced until May 2025, acting early ensures that:

  • You have time to properly assess and update your email systems
  • You avoid a last-minute scramble (and potential panic)
  • You can test your email deliverability and adjust gradually
  • Your business is aligned with best practice in cyber security and compliance
  • You update your SPF record and TXT record for proper email authentication, which is crucial for maintaining email security and integrity
  • You obtain users’ consent in the sign-up flow, which will help enhance email deliverability and engagement rates

Complying with Microsoft’s updated email rules, including protocols like SPF, DKIM, and DMARC, is essential to ensure email deliverability and security.

In short, this isn’t just a technical change – it’s part of a global movement to build trust and security in digital communications.

Understanding Authentication

Authentication is the process of verifying the identity of the sender of an email. This is done using various protocols, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and DMARC. SPF authentication verifies that the sender’s IP address is authorised to send emails on behalf of the domain. SPF uses a TXT record in DNS to identify valid sources of mail from the “Mail From” domain. DKIM authentication uses a digital signature to verify the authenticity of the email. DMARC, on the other hand, uses both SPF and DKIM to verify the authenticity of the email and prevent email spoofing. By understanding how these authentication protocols work, email senders can ensure that their emails are properly authenticated and delivered to the recipient’s inbox.

When managing DMARC reports, it is crucial to ensure that the email address is within the same domain as the DMARC record. If the email address is on a different domain, a specific DNS record must be added to handle DMARC reports across different domains.
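The checks described above can be sketched as a small offline audit. This is an added example, not Rydal Group's or Microsoft's code: the function names and the sample TXT records are constructed, and the `_report._dmarc` authorisation name follows the DMARC specification (RFC 7489).

```python
# Added example: audits constructed SPF/DMARC TXT data; performs no DNS lookups.
def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def versioned(records, prefix):
    """Keep only the TXT strings that start with the given version tag."""
    return [r for r in records if r.lower().startswith(prefix)]

def audit_domain(domain, txt):
    """Return findings for `domain`; `txt` maps DNS name -> list of TXT strings."""
    findings = []
    spf = versioned(txt.get(domain, []), "v=spf1")
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if "+all" in terms or "all" in terms:
            findings.append("SPF: '+all' authorises every server")
        elif not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
            findings.append("SPF: no -all or ~all, so unlisted servers are not failed")
    dmarc = versioned(txt.get("_dmarc." + domain, []), "v=dmarc1")
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
        return findings
    tags = parse_tags(dmarc[0])
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if not uri.lower().startswith("mailto:"):
            continue
        host = uri[7:].split("!")[0].rsplit("@", 1)[-1].lower()
        # Simplification: exact or sub-domain match counts as "same domain".
        if host == domain or host.endswith("." + domain):
            continue
        # External destination: it must publish this authorisation record.
        auth = txt.get(f"{domain}._report._dmarc.{host}", [])
        if not versioned(auth, "v=dmarc1"):
            findings.append(f"DMARC: {host} has not authorised reports for {domain}")
    return findings

SAMPLE_TXT = {  # constructed records for reserved example domains
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; "
                           "rua=mailto:dmarc@example.com,mailto:agg@reports.example.net"],
}

if __name__ == "__main__":
    for finding in audit_domain("example.com", SAMPLE_TXT):
        print(finding)
```

With the sample data, the only finding is the external report address: until `example.com._report._dmarc.reports.example.net` publishes a `v=DMARC1` TXT record, receivers are expected to ignore that destination.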

Exchange Online Requirements

Exchange Online requires that all emails sent to its users be properly authenticated using SPF, DKIM, and DMARC. This means that email senders must have a valid SPF record, a DKIM signature, and a DMARC policy in place to ensure that their emails are authenticated and delivered to the recipient’s inbox. Failure to comply with these requirements may result in emails being blocked or marked as spam. Fortunately, there are free tools available to check your SPF record, DKIM signature, and DMARC policy to ensure they are properly configured. By meeting these requirements, businesses can ensure their emails are properly authenticated and reach their intended recipients without issues.

Microsoft 365 Considerations

Microsoft 365 uses a combination of SPF, DKIM, and DMARC to authenticate emails and prevent spam messages. Email senders who use Microsoft 365 must ensure that their emails are properly authenticated to prevent bounce messages and ensure that their emails reach the recipient’s inbox. Microsoft 365 also provides features such as forensic reports and failure reports to help email senders identify and fix issues with their email authentication. Additionally, Microsoft 365 supports subdomains, which can inherit the parent domain’s DMARC policy, making it easier to manage email authentication across multiple domains. By leveraging these features, businesses can enhance their email security and ensure successful email delivery.

How Rydal Group Can Help

At Rydal Group, we’re already supporting businesses across the UK to prepare for this change. Our IT specialists are experienced in configuring and testing SPF, DKIM and DMARC settings to ensure full compliance with Microsoft’s new standards. We also recommend setting up a dedicated mailbox for managing DMARC reports to handle the potentially high volume of incoming data effectively. For more information, visit our detailed comparison page which explores key differences and helps in deciding the best plan for enhancing productivity and security.

For our existing clients: If you’re already using us for IT, we’re proactively reaching out to make sure you’re covered.

For clients who use other Rydal services (like telecoms or mobiles): You may not be sure if your domain is set up properly – that’s why we’re offering a free domain security check to all existing clients, even if you’re not currently using our IT support.

For businesses not yet working with us: We’re happy to offer a no-obligation consultation to assess your setup, explain what’s needed, and guide you through the process. We utilise tools like Google Postmaster and EasyDMARC to ensure compliance with email authentication standards.

Whether you have internal IT or use another provider, we’re here to ensure your business stays connected, compliant and secure.

Consequences of Non-Compliance

The consequences of non-compliance with email authentication updates can be severe. Emails that are not properly authenticated may be marked as spam or rejected by the recipient’s email server. This can lead to a decrease in email deliverability and a loss of business opportunities. Additionally, non-compliance can damage a company’s reputation and lead to a loss of customer trust. It is essential for businesses to comply with email authentication updates and ensure that their emails are properly authenticated. Monitoring mailboxes to ensure email deliverability and compliance with authentication standards is crucial. This includes setting up DMARC reports to monitor email authentication and identify potential issues. By taking these steps, businesses can protect their reputation and ensure that their emails reach their intended recipients.

Best Practices for Email Deliverability

To ensure that emails are delivered to the recipient’s inbox, email senders must follow best practices for email deliverability. This includes using a valid SPF record, DKIM signature, and DMARC policy, as well as ensuring that emails are properly formatted and free of spam triggers. Email senders should also use a clear and concise subject line and email body, and avoid using too many images or links. Additionally, email senders should regularly monitor their email metrics, such as open rates, click-through rates, and spam complaints, to identify areas for improvement. By following these best practices, email senders can improve their email deliverability and ensure that their emails reach the recipient’s inbox. Furthermore, email senders should be aware of the new features and updates in email authentication, such as the upcoming changes to Microsoft’s deliverability rules, and take steps to protect their domain and emails from spoofing and spam.

What Should You Do Next to Send Email?

If you’re unsure whether your business is compliant, or you’d simply like peace of mind, it’s worth having your domain checked now. Ensuring that SPF records are correctly configured for the parent domain is crucial to avoid complications with email authentication.

Request your free domain security check here –

Our team will quickly assess your domain’s email configuration and advise on any next steps — no jargon, no pressure. Setting up DMARC reports within the same domain is essential to ensure proper management and functionality.

This change by Microsoft is part of a wider shift across the industry to protect users and reduce email-based threats. While it may seem like a technical adjustment, the impact on businesses that don’t act could be significant. Proper email authentication is crucial to ensure emails reach the inbox instead of the spam folder.

Engaging email content is also vital for the recipient to prevent spam filtering. Irrelevant content can lead to negative engagement from the recipient, which may result in emails being marked as spam. Additionally, providing unsubscribe options is necessary to avoid frustrating the recipient and potentially leading to spam reports.

At Rydal Group, we believe in making IT simple, secure and proactive — and this is exactly the kind of update we help our clients navigate confidently.

Need help? Get in touch with our team today and let’s make sure your emails keep doing what they’re meant to — landing in inboxes, not spam folders.