Ever since Google and Yahoo jointly announced new deliverability requirements in late 2023, rumors have swirled that Microsoft would eventually join them. At long last, Microsoft announced new deliverability requirements, but only endorsed one of the four pillars of the Google-Yahoo announcement.
Let’s look at what Microsoft is requiring of senders and what impact it will have on marketers, bearing in mind that these changes will have an outsized impact on B2B marketers, which have much higher exposure to Microsoft as a mailbox provider.
DMARC Requirement Is Now Universal
The change that all three mailbox providers agree on is that having a DMARC policy in place is essential for domains sending over 5,000 emails per day. Along with SPF and DKIM, which have been required for many years, DMARC is the newest email authentication component and helps combat spoofing, where a spammer impersonates a reputable brand. Together, SPF and DKIM are like a driver’s licence that identifies a sender, while a DMARC policy tells mailbox providers what to do with emails that claim to be from your brand but fail the ID check.
Currently, Google, Yahoo, and Microsoft only require senders to publish a DMARC policy of p=none, which tells mailbox providers to ignore ID failures. While that doesn’t sound like it would be effective, simply having a DMARC policy in place allows brands to generate DMARC reports that detail all the IP addresses and domains that are sending email purportedly from their brand.
Generally, these reports are eye-opening, especially for larger organizations. They sometimes discover that old systems are sending outdated automated messages. In other instances, they discover that sales reps have set up unauthorized ESP accounts so they can send prospects emails while skirting company policies. So, simply publishing a DMARC policy is an opportunity for brands to shut down these forgotten or unauthorized sending platforms.
Related post: New Gmail & Yahoo Deliverability Requirements: What Senders Need to Do
It is fully expected in the future that mailbox providers will require one of the two more restrictive DMARC policies, which are:
- p=quarantine, which instructs the mailbox provider to treat any email that fails an SPF or DKIM check with suspicion. This usually results in the email being placed in the spam or junk folder
- p=reject, which instructs the mailbox provider to flatly reject any email that fails an SPF or DKIM check
Once you’re confident that you’ve authenticated all the authorized sources of email from your brand, we recommend moving to a more restrictive DMARC policy. For instance, most of our clients here at Oracle Digital Experience Agency already have a p=reject DMARC policy in place.
Related post: Understanding Email Deliverability: Key Factors & Key Issues
Microsoft’s Recommendations
Beyond their requirement to have a published DMARC policy, Microsoft announced four email hygiene recommendations, saying they may filter or block senders who don’t comply with them.
1. Compliant P2 (Primary) Sender Addresses. Microsoft wants senders to not only ensure that their “From” and “Reply-To” addresses are valid and reflect their sending domain, but they also want those addresses to be able to receive replies. While the first half of that shouldn’t be a problem for the vast majority of brands, the second part may be a change for some.
That said, many ESPs make it much easier to monitor replies nowadays. For instance, some let you automatically filter out-of-office and other auto-replies so you can focus on human-initiated replies. In our experience, replies to marketing emails aren’t unusual and are often valuable, whether they’re asking for more information, pointing out a service-related problem, or alerting you to something wrong with your email program, such as a broken link in a campaign or on a landing page.
2. List Hygiene & Bounce Management. Microsoft advises senders to remove invalid addresses regularly. All reputable ESPs should automatically be removing hard bounces on your behalf. Some allow you to manually review or address hard bounces, which is a practice we don’t recommend. Microsoft clearly doesn’t recommend it either.
Related post: Managing Inactive Subscribers: Both Long-Term Inactives and Never-Actives
3. Functional Unsubscribe Links. Microsoft recommends providing “an easy, clearly visible way for recipients to opt out of further messages,” but they didn’t require list-unsubscribe headers like Google and Yahoo do. Functional unsubscribe links are a legal requirement of the CAN-SPAM Act of 2003, so hopefully no one will struggle with this recommendation.
4. Transparent Mailing Practices. And finally, Microsoft advises senders to “use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages.” Those first two items are also legally required by CAN-SPAM, but that last item is famously not required by US law, although permission is enshrined in marketing laws in Canada, Europe, and many other countries. This further demonstrates that mailbox providers like Microsoft have raised the bar on email marketing practices well beyond what US law requires.
Expect More Changes to Come
Google, Yahoo, Microsoft, and Apple operate the largest inbox and mailbox providers in the US and all of them have been making investments in those platforms. In addition to these investments in spam filtering, they’ve been rolling out a variety of new inbox features. For instance, Apple made significant changes to Apple Mail with the release of iOS 18, including adding inbox tabs and AI Summaries. And Google has rolled out several new Gmail features, too.
While not all of these changes are boons to email marketers, this flurry of investments shows the email channel is still top of mind for some of the largest tech companies on the planet. And marketers should expect more changes on the horizon, including an eventual move to requiring a more restrictive DMARC policy.
—————
Need help with your email marketing program? Oracle Digital Experience Agency has hundreds of marketing and communication experts ready to help Responsys, Eloqua, Unity, and other Oracle customers create stronger connections with their customers and employees—even if they’re not using an Oracle platform as the foundation of that experience. With a 94% satisfaction rate, our clients are thrilled with the award-winning work our creative, strategy, and other specialists do for them, giving us an outstanding NPS of 82.
For help overcoming your challenges or seizing your opportunities, talk to your Oracle account manager, visit us online, or email us at OracleAgency_US@Oracle.com.
To stay up to date on customer experience best practices and news, subscribe to Oracle Digital Experience Agency’s award-winning, twice-monthly newsletter. View archive and subscribe →