Microsoft Office 365 Requires DMARC Compliance

Microsoft is taking more proactive steps to ensure email security by rolling out a new feature for Office 365 called Unverified Sender.  It allows users to keep their Outlook inbox safer and reduce fraudulent mail by flagging email that are not DMARC compliant .  If you send email to Outlook.com users or Office 365 users, this could severely impact your email deliverability!

How Does the Unverified Sender Feature Work?

According to their official Microsoft Roadmap, the Unverified Sender feature is described as follows:

“Unverified sender is a new Office 365 feature that helps end users identify suspicious messages in their inbox. In order to help customers identify suspicious messages in their inbox, we’ve added an indicator that demonstrates Office 365 spoof intelligence was unable to verify the sender.”

The Unverified Sender feature checks if the sender of an email can be verified. If its origin is found and identified as harmful/fraudulent, this feature works by providing Outlook users with a distinct visual indicator. 

When an Unverified Sender is detected, Outlook customers will see a “?” next to a message you sent to their Office 365 inbox, which means it is considered unverified. 

For example:

message-did-not-pass-verification

Once Unverified Sender is enabled by the user, the warning indicator will alert Office 365 customers about the potential risk that the email poses, especially phishing attacks or sender spoofing attempts

What Criteria Is Used?

To be Verified, your email must pass either SPF or DKIM authentication and also achieve DMARC compliance. When Outlook can’t verify if the identity of the sender is DMARC compliant, the “?” indicator is displayed in the sender photo field, as shown in the above visual. With this update from Microsoft, DMARC should now be at the top of your priority list if you haven’t adopted it yet.

How Does the Feature Affect My Business?

If your business sends email to Office 365 and Outlook users (which most businesses do today), it’s critical to avoid being marked as an unverified sender.  Adopting DMARC and getting all your legitimate senders to DMARC compliance is now a business necessity. Without DMARC, you run the risk of having Microsoft’s new Unverified Sender feature label your outbound messages as suspicious threats customers, vendors and partners, impacting your email deliverability and potentially your business.

MxToolbox is here to guide your company through the DMARC process and help optimize your email deliverability.  We offer several solutions to help you get your email DMARC compliant and monitor the on-going DMARC compliance of your email:

  • Delivery Center is our base package that allows you to monitor the SPF, DKIM and DMARC compliance of your email while giving you insight into emerging email threats.
  • Delivery Center Plus gives you all the great reporting of Delivery Center combined with deeper reporting on Phishing and Fraud using your domain.
  • Delivery Center Managed Services gives you access to our Email Experts who manage your DMARC compliance and free you to focus on your business.