Microsoft DMARC requirements: A comprehensive guide

From May 5, 2025, Microsoft mandates that all organizations sending 5 000 or more emails per day to its consumer services must implement DMARC, SPF, and DKIM to authenticate messages.

Senders must publish a DMARC record with at least a p=none policy and ensure alignment between DMARC and either SPF or DKIM. Non-compliance can result in messages being rejected or filtered into Spam folders.

Check out our guide on the Microsoft DMARC requirements to learn more.

Download guide
Microsoft, Yahoo, And Google Dmarc Requirements.

Microsoft DMARC requirements explained

To comply with the Microsoft DMARC requirements, senders must implement:

DMARC

A DMARC record, with a minimum policy of p=none, must be published for the domain. This tells email receivers how to handle messages that fail SPF or DKIM checks. DMARC must be aligned with either SPF or DKIM, preferably both.

SPF

All outbound emails must pass SPF checks. SPF verifies that an email server is authorized to send messages on behalf of the domain.

DKIM

All outbound messages must pass DKIM checks. DKIM applies a digital signature to verify the message's integrity and authenticity.

Who must comply with the Microsoft DMARC requirements?

Microsoft’s New Dmarc Requirements

Any business sending 5 000 or more messages daily to Microsoft email accounts must meet these requirements.

This includes:

  • Internal and hosted email systems
  • CRM, ERP, and e-commerce services
  • Email marketing platforms
  • Transactional emails
  • Third-party senders

Failure to comply may result in:

  • Increased risk of spoofing and phishing
  • Messages being rejected by Microsoft

Sendmarc makes DMARC compliance easy, providing the tools needed to meet evolving requirements.

Book a demo or explore our platform to find out how we simplify DMARC adoption.

Book a demo
Free trial

Get a copy of the Microsoft DMARC rules

Complete the below form to get this free guide.

Expert insights

“Microsoft’s update is a strong signal that the email ecosystem is maturing. These new requirements aren’t just about compliance—they’re about customer trust. High-volume senders need to step up and treat deliverability and authentication as core parts of their digital brand strategy, not just IT hygiene.”

– Nicolas Blank, Microsoft 365/Entra MVP and Founder of NBConsult

“While Microsoft’s new requirements apply to bulk senders, I believe every domain should have SPF, DKIM, and DMARC in place. These aren’t just technical best practices—they’re essential for protecting deliverability and reputation. Microsoft themselves say it best: ‘All senders benefit from these practices.’ It’s time the industry starts moving in that direction.”

– J. Peter Bruzzese, Microsoft MVP and Co-Founder of ClipTraining

Microsoft DMARC FAQs

Does Microsoft require DMARC?
Yes, Microsoft requires DMARC for all senders who send 5 000 or more daily emails to Microsoft consumer email platforms, including outlook.com, live.com, and hotmail.com addresses.
To comply with Microsoft’s DMARC requirements, your organization must publish a valid DMARC record for its domain with at least a p=none policy. Additionally, SPF or DKIM must be aligned with the visible ‘From’ domain.
Yes, DMARC is now a requirement for bulk email senders targeting Microsoft, Yahoo Mail, and Gmail addresses. Microsoft’s requirement became effective on May 5, 2025.

If your business doesn’t implement DMARC for its domain, Microsoft might reject its emails. This could result in reduced deliverability and damage to your business’s sender reputation.

Sendmarc logo
Sendmarc Soc2 Compliance badge
certification badge for ISO/IEC 27001:2022
G2 High Performer Badge - Winter 2025

How secure is your brand name from email scammers?

If you’re at risk of impersonation, one of our experts will be in touch to assist.

Linkedin-in Youtube X-twitter Facebook-f

Platform & Services

Company

Platform & Services

Resources