Microsoft’s Outlook.com is updating its policy to respect DMARC. This move will be implemented and will begin to roll out starting in June. By respecting DMARC, Outlook.com will reportedly discard about 500 million spam messages per day. This is good news for email administrators as messages from domains not adhering to DMARC can often be malicious or fraudulent. The move has the potential to result in a significant reduction in the amount of emails reaching users’ inboxes from fraudulent accounts, which are often sent with the goal of obtaining personal information. This will force spammers to change tactics, increasing their efforts to impersonate actual domains and people, undermining DMARC’s protective capabilities.
Excerpt from the main article:
Microsoft OLC, aka “Microsoft Outlook Consumer,” aka what used to be called Hotmail, now called Outlook.com (which includes the domains hotmail.com, outlook.com, live.com, msn.com, and all the other Microsoft domains I’ve listed here), will soon respect DMARC policy on inbound mail, declining to accept unauthenticated mail from domains with a DMARC policy of “reject.” Yahoo and Gmail already reject this type of failed mail today.Current state: If an email message sent to Microsoft OLC domains failed DMARC and the DMARC domain had a policy of “reject,” Microsoft would not actually reject that email message. It would end up in the junk mail folder instead. (Even though the specification strongly suggests that this mail should be rejected.)Why this is sub-optimal: It overrode a domain owner’s publicly stated desire (via that DMARC record in DNS) to reject mail that failed DMARC checks. This meant that more bad mail was likely to get into
Microsoft OLC will soon respect DMARC policy was originally published on Spam Resource: All Things Deliverability
