TL;DR
Microsoft has joined Gmail and Yahoo in tightening email requirements to reduce spam and protect inboxes.
The good news? If you followed domain and deliverability guidance for the Gmail and Yahoo changes in 2024, you’re already compliant.
These changes are part of a wider industry shift towards safer, more trustworthy inboxes - giving brands like yours the opportunity to stand out for doing things right.
Not sure if your setup ticks every box? This guide provide a summary of the requirements, showing how your setup with Emarsys meets (and exceeds) all the major provider standards:
🔗 See full guidance & comparison table
Microsoft Update
In April 2025, Microsoft announced new requirements for bulk email senders targeting Microsoft mailboxes (like Outlook.com, Hotmail, Live, and MSN). These updates align with the broader push by major mailbox providers - Google and Yahoo included - to improve inbox security, reduce spam, and ensure a better experience for recipients.
First things first – what does it mean to you, as a sender?
If you're an SAP Emarsys client and have already followed our guidance for the Google/Yahoo changes, you're in good shape! Microsoft’s requirements closely mirror what’s already in place with Gmail and Yahoo, so no additional changes should be needed.
🔗 Read our detailed guide to the 2024 Google/Yahoo requirements
🔗 See Microsoft’s 2025 announcement here
Summary of Microsoft Sender Requirements
If you send more than 5,000 messages per day to Microsoft mailboxes (like Outlook.com, Hotmail, Live, and MSN), you now need to ensure the following:
✅ Authenticate Your Email with SPF, DKIM, and DMARC
-
SPF and DKIM are required for authentication.
-
DMARC must be in place with a policy (
p=none,quarantine, orreject).
✅ Include a Functional Unsubscribe Option
-
Every marketing email must include a working and clearly visible unsubscribe mechanism.
-
Requests must be honored within two days.
-
Note: At the time of writing, these published Microsoft requirements do not currently include any specific
List-Unsubscriberequirements.
✅ Comply with Microsoft’s Sending Practices
-
Senders must follow Microsoft’s guidelines on volume, complaint rates, and content reputation.
-
Maintain mailing list health by suppressing inactive or unengaged users, and validating new sign-up data.
🔗 Read our guide on validating new sign-up data
🔗 See our detailed guide on maintaining list health and Sender Reputation
How Does This Compare to Google and Yahoo?
While Microsoft is catching up in formalizing these requirements, the direction is consistent across all three major providers. Because this is a consistent direction, your setup with Emarsys is already up to date:
| Requirement | Google/Yahoo (Feb 2024) |
Microsoft (Apr 2025) |
Emarsys Senders |
| SPF and DKIM required | ✅ Required | ✅ Required | ✅ Fully supported and enforced |
| DMARC required | ✅ Required | ✅ Required | ✅ Implemented or advised for all senders |
| List-Unsubscribe Header | ✅ Required (with POST support) | ❌ Not (yet) required | ✅ Included by default |
| Visible Unsubscribe Link | ✅ Required | ✅ Required | ✅ Included by default |
| Honor unsub requests quickly | ✅ Within 2 days | ✅ Within 2 days | ✅ Automated processing within Emarsys |
| Spam complaint monitoring | ✅ Recommended | ✅ Recommended | ✅ Advised to use GPT |
| Engagement-based suppression | ✅ Strongly encouraged | ✅ Strongly encouraged | ✅ Built into deliverability guidance and reporting |
Important Note on “One-Click Unsubscribe”
Gmail and Yahoo refer to a one-click unsubscribe requirement. This is poorly-worded, and actually refers to the the List-Unsubscribe POST mechanism in the email header, not a one-click link in the email body. In fact, a true one-click unsubscribe in the email body can cause accidental opt-outs when security filters test links for safety. We explain this further in our guide.
What Should You Do Now?
If you’re following Emarsys recommended setup and sending practices, you are already compliant with Gmail and Yahoo’s 2024 updates, and have everything required by Microsoft.
Still, this is a great time to double-check:
-
Your domain setup authentication (SPF, DKIM, and DMARC), using Emarsys Domain Validation.
-
You have a clear and working unsubscribe mechanism.
-
You’re actively controlling email volumes to inactive contacts.
- You have implemented a Data Lifecycle to remove / sunset end-of-life contacts
-
You’re monitoring replies, bounces, unsubscribe rates
-
You have implemented Google Postmaster Tools to monitor reputation and complaint rates.
Final Thoughts
Microsoft’s move brings it into alignment with the industry-wide shift toward better authentication, transparency, and user control. And if you’re an Emarsys client who already implemented the changes for Gmail and Yahoo, you’re already ahead of the game.