16 Days: Countdown to Outlook’s New Rules for 500M Users

The countdown has begun to follow the new rules as 500 million users which is 16 days away.

For billions of users, email has been a boon and a bane. Regretfully, it has undoubtedly benefited hackers while harming consumers who are subjected to virus attachments, phishing scams, and other threats. There is no denying the widespread influence that spray-and-pray scammers, who send out massive amounts of emails every day, have on the email ecosystem, even while highly-targeted “spear” phishing attempts are becoming more and more popular among skilled threat actors. With the introduction of new email security regulations that will affect the 500 million users of outlook.com, including hotmail.com and live.com addresses, Microsoft is concentrating on these dangerous spam floods, which have the potential to inflict the most serious security problems. Here are some things you should know and do before May 5th.

On April 1, Google implemented additional sender authentication requirements in an effort to address the issue of fraudulent bulk senders compromising the security of Gmail service customers. These news regulations aim to reduce the possibility that criminals may use compromised or unauthenticated domains to send harmful payloads. According to a Microsoft article on the Windows Defender security site on April 2, the company is finally following suit and implementing similar regulations to “reduce the likelihood of spam and spoofing campaigns reaching our user base.”

The May 5 rules will mandate mandatory Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting, and Conformance compliance for domains sending more than 5,000 emails in a single day, as well as for the Outlook.com consumer service that supports hotmail.com, live.com, and outlook.com consumer domain addresses. Microsoft stated that if problems are not fixed, non-compliant communications will be rejected after first being sent to Junk. You should pay attention whether you are distributing marketing materials or even if you are just maintaining a sizable hobby mailing list.

Microsoft has provided a detailed explanation of the entire email authentication procedure, but the following are the bullet point compliance requirements:

SPF: Must be successful for the sending domain, and the DNS record for your domain should correctly identify all permitted IP addresses and hosts.

DKIM: Required to verify the authenticity and integrity of emails.

DMARC: The configuration must at least have p=none and be in line with SPF or DKIM, ideally both.

The Outlook’s New Security Rules Will Help Authorized Senders

Microsoft stated that by taking these steps, “spoofing, phishing, and spam activity will be reduced, giving legitimate senders better deliverability and stronger brand protection.” This is consistent with Google’s claims that strong email sender authentication will be made essential in order to safeguard Gmail users.

However, enterprises must first create email accounts to receive DMARC reports in order to fulfil the May 5 deadline. “Receiving the reports is part of the DMARC protocol to protect you against spoofing and improve overall email deliverability if you are set up for DMARC,” explained Red Sift technology lead Faisal Misle. Misle cautioned that selecting the best DMARC supplier is crucial because the market is crowded with them. “My best recommendation is to choose a DMARC provider that will help you visualize the issue by prioritizing the results, in addition to providing you with fast results,” Misle stated.