Microsoft has encouraged senders using Microsoft 365 email to authenticate outbound messages, following the implementation of stricter anti-spam regulations for those sending in bulk. The Microsoft Defender for Office 365 team has explained that email authentication for domains can help messages avoid being marked as spam or rejected by providers such as Gmail, Yahoo, AOL, and Outlook.com. This is particularly important for bulk email campaigns in order to maintain their deliverability and reputation. By implementing email authentication, senders can prove that their messages come from a legitimate source and are not phishing attempts or other malicious content. Moreover, authenticated emails are more likely to reach their intended audience, resulting in higher engagement rates and overall email campaign success.

Compliance and Consequences

The company has warned that neglecting to comply with the newly introduced email authentication standards could lead to emails being tagged as spam or rejected outright. Microsoft also stressed that the Microsoft 365 service should not be employed for bulk emailing, as such emails may be blocked or redirected to specific folders by Exchange Online Protection’s (EOP) outbound spam controls. Instead, bulk email senders should rely on their own on-site email servers or third-party mass mailing providers to ensure proper email-sending practices. Failure to adhere to these guidelines may ultimately result in decreased email deliverability and potential damage to the sender’s reputation. As a best practice, organizations should invest in comprehensive email management tools and services that prioritize security, and understand all relevant regulations and standards in order to maintain effective communication with their customers.

Criteria for Bulk Emails through EOP

To send bulk emails through EOP, organizations must meet the following criteria: First and foremost, the organization must have a legitimate reason for sending out mass emails, typically for marketing or informational purposes, and should obtain recipients’ consent beforehand. Additionally, adherence to the guidelines and regulations set by both EOP and international anti-spam laws, such as the CAN-SPAM Act and GDPR, is required to ensure a seamless and lawful bulk emailing process.

Best Practices for Bulk Emailing

1. Refrain from surpassing the service’s sending limits by not sending emails at a high rate or in large volumes and avoiding the use of extensive BCC recipient lists.
2. Implementing a responsible emailing practice not only reduces the risk of your messages being marked as spam but also ensures smooth deliverability and a good sender reputation.

Email Marketing Tools and Services

Additionally, consider using email marketing tools and services to manage large-scale email campaigns, as they are designed to maintain compliance with sending limits and optimize your outreach effectively.

Custom Subdomains for Bulk Emails

1. Avoid using primary email domain addresses as senders for bulk emails, as this may impact the delivery of regular emails within the domain. Instead, utilize a custom subdomain exclusively for sending bulk emails.
2. By using a custom subdomain specifically designated for mass mailing, you can minimize the risk of your primary domain getting blacklisted by email providers due to spam complaints. This separation allows your regular emails to be delivered efficiently without being affected by the reputation of your bulk email campaigns.

Email Authentication Records

Set up email authentication records, such as SPF, DKIM, and DMARC, for any custom subdomains in DNS. These authentication records help improve your email deliverability by verifying that your subdomain’s emails are legitimate and authorized. Implementing these protocols not only reduces the risk of your emails being marked as spam or phishing, but also enhances the overall security of your email communication.

Delivery Not Guaranteed

However, Microsoft has warned that meeting these requirements does not guarantee email delivery, and organizations with rejected emails should utilize an on-site or third-party provider. Nonetheless, implementing these suggested measures will likely improve an organization’s chances of successful email delivery and reduce the risk of their messages being deemed as spam. It is essential for organizations to continuously monitor their email systems and adapt to the ever-evolving email security landscape to ensure effective communication and protect sensitive information.

New Authentication Measures Starting February 2024

This alert follows an announcement that, starting February 1, 2024, Microsoft will target those sending over 5,000 daily emails to specific users. To strengthen defenses against email spoofing and phishing efforts, companies surpassing this threshold must implement SPF/DKIM and DMARC email authentication for their domains. This implementation aims to ensure a safer emailing environment and protect users from cyber threats while maintaining service delivery efficiency. Companies that fail to comply with these authentication measures may face restrictions on their emailing capabilities, leading to potential disruptions in their communication and customer engagement operations.

Unsubscribe Options and Following Requests

Additionally, bulk senders must offer recipients a one-click option to unsubscribe from promotional emails and adhere to unsubscription requests within two days. This ensures that recipients maintain control over the communication they wish to receive and reduces the likelihood of spam complaints. Respecting user preferences by providing a simple unsubscription process not only establishes trust with the audience but also helps in maintaining a positive brand image and reputation.

FAQ

Why is email authentication important for bulk email campaigns?

Email authentication helps messages avoid being marked as spam or rejected by email providers such as Gmail, Yahoo, AOL, and Outlook.com. It proves that the messages come from a legitimate source and are not phishing attempts or other malicious content, leading to higher engagement rates and overall email campaign success.

What can happen if organizations do not comply with email authentication standards?

Failure to comply with email authentication standards could lead to emails being tagged as spam or rejected outright. Additionally, it may result in decreased email deliverability and potential damage to the sender’s reputation.

What criteria must be met to send bulk emails through EOP?

Organizations must have a legitimate reason for sending mass emails, obtain recipients’ consent, and adhere to the guidelines and regulations set by EOP and international anti-spam laws such as the CAN-SPAM Act and GDPR.

What are some best practices for bulk emailing?

Some best practices include not surpassing the service’s sending limits, implementing responsible emailing practices, using email marketing tools and services, setting up custom subdomains for bulk emails, and setting up email authentication records like SPF, DKIM, and DMARC.

What will change in February 2024 regarding email authentication measures?

Starting February 1, 2024, Microsoft will require companies sending over 5,000 daily emails to specific users to implement SPF/DKIM and DMARC email authentication for their domains. Failure to comply may result in restrictions on emailing capabilities and potential disruptions in communication and customer engagement operations.

Why is it important to include unsubscribe options in bulk emails?

Including an easy unsubscribe option allows recipients to maintain control over their communication preferences and reduces the likelihood of spam complaints. Respecting user preferences helps establish trust, maintain a positive brand image, and positively impacts sender reputation.

First Reported on: bleepingcomputer.com
Featured Image Credit: Photo by Brett Jordan; Unsplash; Thank you!