Microsoft's new deliverability requirement will have an outsized effect on B2B marketers, with other additional recommendations also likely to impact them more than their B2C counterparts.
Let's break down the new requirement and the four recommendations.
The One Requirement: Publish a DMARC Policy
Microsoft now requires domains sending more than 5,000 emails per day to publish a DMARC policy. That requirement aligns with the joint Google-Yahoo deliverability requirements, which were announced in late 2023 and went into effect in 2024.
Along with email authentication via SPF and DKIM, DMARC helps mailbox providers identify potential spoofing, where spammers and phishers try to present their messages as coming from trusted brands.
For B2B brands, that now means they have to have DMARC in place to reach 96% of their email marketing audience, on average, according to Validity. That's because 61% of B2B email audiences use Microsoft email clients, including Outlook and Office 365, and another 35% use Google email clients, including G Suite.
Google, Yahoo, and Microsoft currently require senders to publish only a DMARC policy of p=none, which tells mailbox providers to ignore SPF and DKIM failures. Although that doesn't sound like it would be effective, simply having a DMARC policy in place allows brands to generate DMARC reports that detail all the IP addresses and domains that are sending email purportedly from their brand.
Generally, those reports are eye-opening, especially for larger organizations and B2B brands. They sometimes reveal that old systems are sending outdated automated messages. In other instances, they reveal that sales reps have set up unauthorized Mailchimp and other ESP accounts so they can send prospects emails while skirting company policies.
So, simply publishing a DMARC policy is an opportunity for brands to shut down these forgotten or unauthorized sending platforms.
The current p=none requirement is also just a warmup for more restrictive DMARC policy requirements in the future.
Once you're confident you've authenticated all the authorized sources of email from your brand, get ahead of the next change by proactively moving to a more restrictive p=quarantine or p=reject DMARC policy. The former instructs mailbox providers to send any email that fails an SPF or DKIM check to the recipient's spam folder; the latter instructs them to block it.
Most of our clients at Oracle Digital Experience Agency already have a p=reject DMARC policy in place, which provides their brands maximum protection from being spoofed.
That's the one requirement in Microsoft's announcement, but it also shares four "recommendations," saying Microsoft may filter or block senders who don't comply with them.
And just as requiring a DMARC policy of p=none is a precursor to a more restrictive policy requirement, those four recommendations may be precursors to future requirements.
Recommendation No. 1: Compliant Sender Addresses
Microsoft wants senders to not only ensure that their "From" and "Reply-To" addresses are valid and reflect their sending domain but also that those addresses be able to receive replies.
That second part is likely the bigger change for brands, and it represents a significant opportunity for B2B brands in particular.
That's because subscribers reply to our marketing emails, despite our collective efforts as an industry to tell them not to reply.
Besides out-of-office and other auto-replies, which many email service providers can automatically filter out for you, we find that subscribers reply with...
- Questions about the topic of your email
- Feedback on their experience with your message, including pointing out broken email links or landing page failures that stop them from converting
- Interest in talking to a sales rep or customer service rep
I personally monitor replies to the Oracle Digital Experience Agency newsletter, and I've seen all three of those kinds of replies. Each is valuable in its own way, but that last one can easily make the time spent monitoring replies worthwhile for B2B brands, because even one sale can often have big revenue implications.
Recommendation No. 2: List Hygiene and Bounce Management
Microsoft advises senders to remove invalid or unknown addresses regularly. Thankfully, any reputable ESPs should automatically be removing hard bounces on your behalf.
However, hard bounces are often a bigger problem for B2B brands because of their acquisition practices, which sometimes include buying or renting lists and collecting addresses at events and via lead generation efforts. In general, those practices tend to yield more invalid addresses and therefore hard bounces.
Layer on top of that the fact that business email addresses turn over far more quickly than personal email addresses, and you can see how bounce management is particularly critical for B2B brands.
Recommendation No. 3: Functional Unsubscribe Links
Microsoft recommends providing "an easy, clearly visible way for recipients to opt out of further messages."
To be clear, functional unsubscribe links are already a legal requirement of the CAN-SPAM Act of 2003, so this may be an indication that Microsoft is seeing bulk marketing messages that don't include unsubscribe links.
It's not uncommon for some B2B marketers to have campaigns that appear to come from an individual but are actually automated campaigns. Often, marketers are hesitant to include unsubscribe links in those emails because it ruins the illusion of the emails' being personal sends by sales reps.
But if that tactic is indeed on Microsoft's radar, it may be increasingly risky to exclude unsubscribe links. Furthermore, the next logical step here for Microsoft would be to require list-unsubscribe headers like Google and Yahoo do. That would up the risk of this tactic even more.
Recommendation No. 4: Transparent Mailing Practices
Finally, Microsoft advises senders to "use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages."
Those first two items are also legally required by CAN-SPAM, but that last item is famously not required by US law, although permission is enshrined in marketing laws in Canada, the European Union, and many other places.
This recommendation may be an indication that Microsoft plans to make spam reporting more widely available across its email clients in the future, or that Microsoft will use current engagement signals and other behaviors, such as Sweep use, more aggressively as a proxy for permission.
Regardless of the approach, the biggest impact could be on B2B brands' use of cold email.
Mailbox providers have expressed concern about how the rise of generative AI functionality will boost the effectiveness of spam and phishing attempts. Microsoft's DMARC requirement is intended to help combat that. Requiring stronger permission practices is absolutely another way to protect email users from abuse.
* * *
Most B2B brands are likely already compliant with Microsoft's DMARC requirement, thanks to Google and Yahoo, which required that last year.
However, many B2B brands aren't yet adhering to Microsoft's four recommendations. But you should take them seriously; they're likely to turn into requirements when Microsoft eventually announces a requirement for stricter DMARC policies.
More Resources on Email Deliverability
Email Marketing Developments in 2024 and Their Ripple Effects in 2025
What Every Marketer Needs to Know About Email Deliverability
Taking the Mystery Out of Email Deliverability [Infographic]
