Microsoft’s new DMARC sending requirements.

Microsoft announced on 2nd April 2025 that all high-volume email senders will need DMARC in-place to deliver email successfully.

What does this mean?

This will affect thousands of businesses, and MSPs will need to stay on top of this change to ensure email deliverability and security for their customers.

Starting May 5, 2025, Microsoft will enforce new DMARC (Domain-based Message Authentication, Reporting & Conformance) requirements for domains sending over 5,000 emails per day. This change aims to enhance email security and reduce fraudulent activities like spoofing and phishing.

Key Points:

• Mandatory Compliance: All high-volume senders must comply with SPF, DKIM, and DMARC protocols.

• Email Deliverability: Non-compliant emails will be routed to junk folders or rejected.

• Enhanced Security: These measures will help protect your brand and improve email deliverability.

What do I need to do?

You need to configure a DMARC policy, as well as a SPF and DKIM for every platform you send email from. You will also need access to your DNS records, the goal is to work towards a policy of p=reject, which will instruct your mail servers (e.g microsoft, gmail etc) to reject all illegitimate emails presenting to your domain.

You can check to see if your domain has a policy by going to MxToolbox.

Can I ignore this if I’m not a bulk sender?

To be honest… No, granted 5000 emails a day is a lot but its never a good idea to ignore such a big change. DMARC is there to protect your business from spoofing by verifying authenticity of email senders, and as a standard your MSP should be configuring these for you.