This applies to Outlook.com - our consumer service, which is supporting hotmail.com live.com and outlook.com consumer domain addresses.

Introduction

In an era where email remains one of the most widely used tools for personal and business communications, Outlook is stepping up its commitment to protect inboxes and preserve trust in the digital ecosystem. Today, we’re announcing new requirements and best practices designed to strengthen email authentication for domains sending more than 5,000 emails per day. 

These new requirements will enforce stricter standards by including mandatory SPF, DKIM, DMARC settings. Outlook is pushing the broader industry toward best practices and safeguarding the millions of individuals and small businesses that rely on us every day. These measures will help reduce spoofing, phishing, and spam activity, empowering legitimate senders with stronger brand protection and better deliverability. 

Outlook has always prioritized user safety and reliability; we’re proud to further invest in this solution that will keep our customers safe and reinforce the best practices across the industry. We believe that by raising the bar for large senders, we can inspire lasting change that benefits everyone. 

What's Changing?

For domains sending over 5,000 emails per day, Outlook will soon require compliance with SPF, DKIM, DMARC. Non‐compliant messages will first be routed to Junk. If issues remain unresolved, they may eventually be rejected. Senders will soon start requiring compliance with the following requirements: 

1. SPF (Sender Policy Framework)
   • Must Pass for the sending domain.
   • Your domain's DNS record should accurately list authorized IP addresses/hosts.
2. DKIM (DomainKeys Identified Mail)
   • Must Pass to validate email integrity and authenticity.
3. DMARC (Domain-based Message Authentication, Reporting, and Conformance)
   • At least p=none and align with either SPF or DKIM (preferably both).