Microsoft 365 Admins Warned About Google’s New Strict Anti-Spam Rules

Security hero image

Key Takeaways:

  • Google has announced a new set of requirements for bulk senders to prevent unwanted emails and protect Gmail users.
  • Microsoft has warned that Microsoft 365 admins should authenticate outbound messages to improve deliverability.
  • Microsoft recommends email authentication, discourages using Microsoft 365 for bulk emails, and provides guidance on outbound spam protection.

Last week, Google made headlines with its announcement of new requirements for bulk email senders, signalling a renewed commitment to safeguarding Gmail users from the deluge of unwanted emails. In a similar vein, Microsoft has now chimed in, urging administrators to authenticate outbound messages to ensure continuous email delivery.

Google explained that the new policies are aimed at organizations that send large volumes of emails. The company will enforce a clear spam rate threshold to prevent bulk email senders from bombarding users with unwanted emails. Bulk senders are customers who send over 5,000 messages to Gmail accounts each day.

Additionally, Google will require organizations to implement SPF/DKIM and DMARC email authentication for domains. Bulk senders will also need to provide a one-click option to let Gmail recipients unsubscribe from commercial emails. However, these requests should be processed within two days. Google plans to impose the new requirements on bulk senders in February 2024.

Microsoft mentioned in its security advisory that emails from senders who fail to adhere to the new policies will be sent directly to the spam box. This move is designed to protect customers against phishing attacks.

“By setting up email authentication for your domain, you can ensure that your messages are less likely to be rejected or marked as spam by email providers like Gmail, Yahoo, AOL, Outlook.com. This is especially important when sending bulk email (large volume email), as it helps maintain the deliverability and reputation of your email campaigns,” the Exchange team explained.

Microsoft 365 anti-spam recommendations

Microsoft has warned customers not to use its Microsoft 365 service to send bulk emails. The built-in outbound spam control capabilities within Exchange Online Protection (EOP) will automatically block these emails. Microsoft recommends that enterprise customers who want to send bulk emails use on-premises email servers or third-party bulk email providers.

Last but not least, Microsoft has also detailed a series of recommendations for outbound spam email protection. Customers should avoid sending emails at a high rate or volume that could cause users to exceed sending limits. It’s also advised to use custom subdomains for bulk emails, but these domains should be configured with email authentication records in DNS.