Zenzero
What is DMARC? Microsoft just made it essential

6th May 2025

In May 2025, Microsoft began enforcing new rules that will impact how businesses send and authenticate email messages. This shift has placed DMARC at the heart of email security, especially for organisations that rely on high-volume sending.

If you’re unfamiliar with what DMARC is, or have yet to implement it, now is the time to act. Microsoft’s enforcement means that poorly configured emails are more likely to end up in the spam folder, or never reach the recipient’s inbox at all.

 

What is DMARC and how does it work?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email validation protocol that builds upon two existing authentication practices:

  • SPF (Sender Policy Framework) confirms that the email is being sent from a legitimate source by checking the sending server’s IP address against the SPF record published for the sender domain.
  • DKIM (DomainKeys Identified Mail) uses a digital signature, known as a DKIM signature, to verify that the message has not been altered during transmission.

Together, SPF and DKIM provide the foundation for DMARC authentication, which then applies a defined DMARC policy to incoming messages. If a message fails authentication, meaning neither its SPF nor its DKIM result passes for a domain that matches the one in the visible From address (known as DMARC domain alignment), the receiving mail servers take action based on that policy: accept it, send it to the recipient’s spam folder, or reject it entirely.

Why this matters now

Microsoft has joined other major email service providers in requiring high-volume email senders to have a valid DMARC record. This move aligns with recent policies already enforced by Google and Yahoo.

If you send more than 5,000 emails per day, your messages may now be filtered out or rejected by Microsoft unless your email domain has proper authentication protocols in place. Messages that fail authentication will no longer be tolerated by receiving servers and are likely to be blocked or routed to spam.

Microsoft is not just enforcing DMARC. It is also preparing to roll out limitations such as High Volume Email thresholds and Tenant External Recipient Limits, which will further restrict bulk email traffic unless it complies with proper email validation standards.

 

How DMARC helps domain owners

DMARC enables domain owners to take control of how their email domains are used. By publishing a DNS record (specifically a TXT record) in their domain name system, a domain owner can instruct mail servers how to handle messages that fail SPF or DKIM checks.

There are three types of DMARC policy:

  • None: Monitor email activity without taking action
  • Quarantine: Send suspicious emails to the spam folder
  • Reject: Block unauthorised or fraudulent email entirely

In addition, a DMARC record can ask receiving servers to send reports to the domain administrator, in the form of aggregate reports and forensic reports. These provide valuable insights into whether your domain is being misused, how many messages are being blocked, and whether your SPF and DKIM are passing as expected.

This visibility helps protect the email channel, reduces exposure to phishing attacks, and improves email deliverability by proving you are a legitimate email sender.

 

The consequences of not implementing DMARC

If your business does not publish its own DMARC record, or if your existing DMARC authentication is misconfigured, your emails may:

  • Fail to reach customers or partners
  • Be flagged by receiving mail servers
  • Appear suspicious or fraudulent
  • Get delivered to the recipient’s spam folder
  • Harm your legitimate domain reputation

This is especially important for businesses sending communications to Microsoft users. Messages without correct authentication reporting and conformance will not be accepted, regardless of intent or content.

 

How to start implementing DMARC

To comply with these changes, email domain owners should:

  1. Review their domain’s DNS settings
  2. Publish a correct DNS TXT record for DMARC
  3. Ensure SPF and DKIM alignment is set up correctly
  4. Define a suitable DMARC policy based on risk tolerance
  5. Regularly review DMARC reports and adjust settings if needed
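For the steps above and the three policy types described earlier, this added example (not from the original article) lints the value of a DMARC TXT record, which is published at `_dmarc.<your domain>`. The sample records for example.com are constructed and the function names are illustrative; the tags (`v`, `p`, `rua`, `pct`, `adkim`, `aspf`) are those defined in RFC 7489.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=reject; ...' into an ordered tag dict."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    return tags

def lint_dmarc(txt):
    """Return a list of findings; an empty list means none were found."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        findings.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; no action is requested on failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports will be sent")
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        findings.append("pct= must be an integer from 0 to 100")
    elif int(pct) < 100 and policy in {"quarantine", "reject"}:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r") not in {"r", "s"}:
            findings.append(f"{tag}= must be r (relaxed) or s (strict)")
    return findings

# Constructed sample records for example.com (not taken from the page).
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "enforcing": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s",
    "broken": "p=quarantine; v=DMARC1; pct=50",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, lint_dmarc(record) or "ok")
```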

Remember, implementing DMARC is not just about preventing emails from being blocked. It is about proving you are a legitimate sender, protecting your brand from domain spoofing, and giving your messages the best chance of landing in the primary inbox.

 

How we can help

The email landscape is evolving rapidly. Microsoft’s latest enforcement is a clear message to all email senders that strong email authentication is no longer optional. It is essential.

At Zenzero, we understand how critical email is to your operations. Whether you are a domain owner, an IT manager or part of a marketing team, DMARC is no longer just a technical requirement. It is a strategic safeguard for your brand, your communications and your clients.

We help businesses like yours implement DMARC properly, configure the necessary SPF and DKIM settings, and apply a tailored DMARC policy. More importantly, we provide ongoing monitoring of DMARC reports so issues can be identified and resolved before they affect your email deliverability or your domain’s reputation.

If you are unsure whether your setup is compliant or simply want confidence that your email security is covered, speak to us. We will ensure your authentication practices are in place, properly aligned and future ready.
