Is Microsoft getting on the Yahoogle bus?

Is Microsoft getting on the Yahoogle bus? Maybe that's too silly a way to frame such an important question.

Let's reframe this more specifically. The question ultimately is: Does Microsoft plan to implement more stringent sender requirements, similar to those announced by Yahoo and Google in late 2023 and implemented in early 2024?

And answer is: It surely seems like it.

On this recent Twilio Sendgrid webinar that featured Twilio, Yahoo, Google, Microsoft and Valimail folks in a roundtable discussion on email authentication, sender requirements, deliverability and more, the question was asked of the representative from Microsoft about any future plans in this regard. While he did not get into specifics, he did basically indicate that it was a question of “WHEN,” not “IF.” Meaning that, based on this, it seems reasonable to expect that Microsoft will at some point in the future enact updated sender requirements that are similar to what Yahoo and Google have already published.

Not only did Twilio Sendgrid follow up with a blog post confirming this, but it was covered here by Valimail (disclaimer: I’m employed by Valimail) and Socketlabs was quick to share their observations on this as well.

Socketlabs went on to add great additional context around the current state of deliverability as seen by most senders to Microsoft; highlighting that they’re a mailbox provider that has already been tightening up their spam filtering and authentication requirements (something I’ve observed myself). These requirements – having existed for a long time in the form of best common practices – are a natural evolutionary next step to firm up and adopt when it comes to helping to put the squeeze on phishing and spoofing by way of driving further broad adoption of authentication protocols, and specifically, adoption of DMARC.

To that end, my take on this is: Even if Microsoft hadn’t answered this question, things would still be moving in that direction.

And it also suggests to me that it’s time to start thinking about “future proofing” your authentication configuration and ensuring your sending practices aren’t so close to the line that some small, future small change in requirements will suddenly push you over the edge so that you find yourself out of compliance.

And that if you manage a sending platform, time to think about how to nudge your clients in the right direction a little bit further (toward, for example, a DMARC policy of p=reject) so that you don’t end up having to force 50,000 clients to update in a last minute mad scramble after the mailbox providers force it. Everybody you configure better today means you’ll have one less support ticket tomorrow.
Post a Comment