It was announced today (March 22, 2023) on Mailop that Microsoft’s consumer email domains (i.e. hotmail, outlook) would start to honour DMARC reject policies.

This is a great step forward in email security as many of the other major mailbox providers are already rejecting emails that fail DMARC. With Outlook.com moving forward they join the ranks of Google, iCloud and others that are already issuing bounce failures for DMARC policy enforcement.

Announcement:
Microsoft is proud to announce our Consumer email service (Outlook/Hotmail/MSN/Live) will now honor the DMARC record of  “p=reject” by rejecting the message if the domain fails DMARC. Previously, messages that failed DMARC were sent to the junk folder (Quarantine). Over the next 30 days these DMARC-failing messages will be rejected. 

As a brand you should be reviewing your DMARC RUA reports regularly to ensure that your authentication is properly configured and your emails are not being impacted by poor setup or broken settings.

Review your bounces for common errors like these examples and take action to resolve them to ensure that you are not causing rejections of your legitimate emails:

554 The email you are trying to send is rejected as it does not comply with the DMARC policy published by your domain. Please contact the administrator of your domain for further details.

550 5.7.0 DMARC PermError. Please engage your IT support to fix this.

550 5.7.26 Unauthenticated email from example.com is not accepted due to domain s DMARC policy. Please contact the administrator of example.com domain if this was a legitimate mail.  

550 Message rejected due to senders DMARC policy

550 5.7.1 The messages violates the DMARC policy of example.com

550 5.7.1 Email rejected per DMARC policy for example.com

Remember if you’re interested in implementing DMARC for your brand find a good partner, there are lots of DMARC providers out there that will help you with this process.

  • Start with a DMARC none policy to get an overview of where you’re starting from without impacting your ability to send email.
  • Then move to a DMARC quarantine, this will impact poorly authenticated emails, so spending the time to get it right with a none policy is important.
  • Lastly, if you are comfortable with the results you can implement a DMARC reject policy to request failed emails are blocked by the recipient’s mail servers.

You can check the status of your domain here and see what phase of DMARC your organization is currently at.