In light of Google’s recent decision to enforce stricter anti-spam measures for bulk senders, Microsoft has cautioned Microsoft 365 email users to authenticate outgoing messages. According to the Microsoft Defender for Office 365 team, authenticating emails for a domain will make it less likely for providers like Gmail, Yahoo, AOL, and Outlook.com to reject or mark the messages as spam. This is crucial for bulk email senders wanting to preserve the deliverability and reputation of their email campaigns.
Microsoft recommends using Domain-based Message Authentication, Reporting, and Conformance (DMARC), which builds on existing email authentication protocols, such as SPF and DKIM. Implementing these security measures can improve deliverability, reduce the risk of phishing attacks, and protect the integrity and reputation of email communications.
Bulk Email Campaign Pitfalls and Solutions
Microsoft has recommended that bulk email senders not use Microsoft 365 service for their campaigns since emails that do not meet the new authentication requirements may be blocked or redirected by Exchange Online Protection’s (EOP) outbound spam filters. Instead, bulk email senders should use their own on-premises email servers or third-party mass emailing providers. This aims to ensure a secure and trustworthy email experience for Microsoft 365 users while minimizing the potential for spam and malicious content.
Companies that rely on bulk email campaigns should carefully assess the impact of these new requirements on their outreach strategies, and invest in compliant email infrastructure to avoid delivery issues.
Guidelines for Bulk Email Sending with EOP
Organizations intending to send bulk emails via EOP should follow these guidelines:
1. Refrain from emailing extensive BCC recipient lists and dispatching emails at a high rate or volume, to avoid exceeding the service’s sending limits. To ensure successful delivery of messages, implement best practices for email content, subscriber management, and engagement monitoring, including crafting engaging subject lines, authenticating the sending domain, managing opt-ins and unsubscribes, and analyzing bounce rates and spam reports.
2. Avoid using addresses from the primary email domain for bulk emails, as this could negatively affect routine email delivery within the domain. Creating a custom subdomain solely for bulk emailing is a better alternative. This ensures that crucial communications from the main domain are not adversely impacted by automated spam filters or blocklists and provides a more organized and professional approach to managing email marketing efforts.
3. Set up custom subdomains with email authentication records in DNS, incorporating SPF, DKIM, and DMARC. Incorporating these measures is essential for maintaining secure communication and protecting the domain’s reputation from email fraud. Setting up custom subdomains offers more control in managing email infrastructure while improving deliverability and sender credibility.
Alternative Solutions and Microsoft’s Emphasis
Microsoft highlighted that adherence to these guidelines does not guarantee delivery and suggested that bulk email senders with rejected emails use on-premises or third-party providers instead. Complying with the guidelines serves as an aid in reducing the likelihood of email rejection, but cannot promise seamless delivery in all cases. Microsoft encourages bulk email senders experiencing issues with their rejected emails to consider employing on-premises or third-party providers for effective handling and troubleshooting of email delivery.
Google’s Stricter Measures
Microsoft’s warning is a response to Google’s declaration that bulk email senders who transmit over 5,000 daily messages to Gmail users will be closely monitored. Google aims to enhance email security and protect users from potential spam or malicious content. Microsoft’s warning underscores the importance of responsible email practices, urging bulk senders to maintain transparency and comply with guidelines to avoid scrutiny or damage to their sender reputation.
Email Authentication and Compliance
Starting February 1st, 2024, individuals surpassing Google’s limit must utilize SPF/DKIM and DMARC email authentication for their domains. These measures bolster protection against email spoofing and phishing while improving email deliverability and sender reputation. By implementing SPF/DKIM and DMARC, senders can ensure that only legitimate emails are delivered to recipients’ inboxes, significantly reducing the risk of phishing attacks and identity theft.
One-Click Unsubscribe Feature
Bulk email senders must also provide Gmail recipients with a one-click unsubscribe feature for commercial emails and respond to unsubscription requests within two days. This feature allows individuals to quickly opt-out of unwanted advertisements or promotional content, reducing clutter and prioritizing their inbox. As a result, businesses must follow strict adherence to this policy and promptly process unsubscription requests to maintain a seamless user experience and evade non-compliance penalties.
FAQs: Microsoft’s Caution to Bulk Email Senders
What is Microsoft’s recommendation for bulk email senders using Microsoft 365?
Microsoft recommends authenticating emails for a domain using DMARC, which builds on existing email authentication protocols like SPF and DKIM, to improve deliverability and reduce the risk of phishing attacks. Microsoft also suggests that bulk email senders should use their own on-premises email servers or third-party mass emailing providers, instead of Microsoft 365 service for their campaigns.
Why should companies avoid using primary email domains for bulk emails?
Using primary email domains for bulk emails could negatively affect routine email delivery within the domain, as automated spam filters or blocklists may be triggered. Creating a custom subdomain solely for bulk emailing ensures crucial communications from the main domain are not adversely impacted and provides a more organized and professional approach to managing email marketing efforts.
Why is email authentication important for bulk email senders?
Email authentication protects the integrity and reputation of email communications, improves deliverability, and safeguards against email fraud. By implementing SPF, DKIM, DMARC, and employing a custom subdomain for bulk emailing, senders ensure secure communication while protecting their domain’s reputation and sender credibility.
What are Google’s stricter measures for bulk email senders?
Google declared that bulk email senders who transmit over 5,000 daily messages to Gmail users will be closely monitored. Starting February 1st, 2024, individuals surpassing this limit must utilize SPF/DKIM and DMARC email authentication for their domains. Additionally, bulk email senders must provide Gmail recipients with a one-click unsubscribe feature for commercial emails and respond to unsubscription requests within two days.
Why does Microsoft emphasize using on-premises or third-party providers for bulk emails?
While adhering to guidelines may reduce the likelihood of email rejection, it does not guarantee seamless delivery in all cases. On-premises or third-party providers offer more effective handling and troubleshooting of email delivery issues, ensuring that bulk email senders can successfully reach their recipients without being flagged as spam or endangering their sender reputation.
First Reported on: bleepingcomputer.com
Featured Image Credit: Photo by Clint Patterson; Unsplash; Thank you!
