Microsoft Now Requires DMARC for All Incoming Email – What You Need to Know
What’s changing?
As of May 2025, Microsoft has started rejecting all emails that are not properly authenticated with DMARC (Domain-based Message Authentication, Reporting & Conformance). This applies to all Microsoft-managed services, including Outlook, Hotmail, and Microsoft 365.
If your email does not pass DMARC (aligned with SPF and DKIM), Microsoft will block it entirely. These emails won’t end up in spam—they’ll be rejected at the server level, with an error:
“550; 5.7.515 Access denied, sending domain [SendingDomain] does not meet the required authentication level.”
What is DMARC and why does it matter?
DMARC is a security standard that helps verify that an email is truly from the domain it claims to be from. It:
-
Prevents spoofing and phishing attacks.
-
Helps maintain trust and protect your brand.
-
Ensures deliverability, especially to services like Microsoft Outlook.
Without DMARC, it’s easier for attackers to impersonate your domain—and now, it also means your legitimate messages won’t reach Microsoft recipients.
What should Netigate customers do?
-
If you use your own domain to send surveys via Netigate:
While DMARC is currently optional for domain verification, we strongly recommend you implement the suggested DMARC settings to ensure deliverability.
-
If you’re using a Netigate-provided domain:
No action is needed. Domains like survey.netigate.se, surveys.netigate.net, etc., are already configured with correct SPF, DKIM, and DMARC settings.
What’s next?
Netigate will begin enforcing DMARC verification for custom domains in H2 2025, as part of our ongoing commitment to deliverability and sender reputation. We’re also analyzing how many customers may be affected by Microsoft’s policy to provide proactive support.
Need help?
Check out these resources:
If you’re unsure whether your domain is compliant, please reach out to our support team or your Netigate contact for assistance.
