• by Ray Schultz , Columnist, May 31, 2024

Microsoft is joining Gmail and Yahoo in enforcing tough email authentication rules.  

The tech giant announced this week that it is enacting similar requirements for its email services, resulting in near-global adoption, DMARC vendor Valimail reports.  

Microsoft has not yet announced a specific timeline — "it’s a ‘when, not an if,’” the company says. Gmail’s and Yahoo Mail’s rules are already being enforced.  

If you send consumer emails, these rules apply to you, Valimail warns. 

All emails must pass DKIM (DomainKeys Identified Mail), SPF (sender policy framework) and DMARC (domain-based message authentication, reporting, and conformance) to be delivered, according to Valimail.  

These tools act in the following ways:

• DKIM provides an encryption key and digital signature that verifies the message was not forged or altered. 
• SPF allows a company to define which IP addresses are allowed to send emails for a domain.  
• DMARC provides a report on messages that failed the authentication, allowing you to determine whether someone using the domain is a spammer.

With Microsoft joining the fold, the policy shifts will impact the entire email ecosystem, Valimail says. 

The latest deadline? Gmail senders must implement one-click unsubscribe in all commercial and promotional messages, effective in June. 

“We applaud Microsoft in underscoring the need for strong email authentication done well, along with Google and Yahoo, and elevating these new requirements into a truly global initiative to protect not just consumer but also enterprise mailboxes at scale,” says Seth Blank, CTO of Valimail.