If your business relies on email to communicate with customers, suppliers or staff, it is time to check how secure those emails really are. Microsoft has announced new email authentication requirements due to take effect from May 2025. While they apply to large senders, the message is clear: all businesses, big or small, should be using proper email authentication to protect their brand, their data, and their customers.
What Are the New Microsoft Email Requirements?
Microsoft is strengthening email protections by requiring organisations to use three core authentication methods:
- SPF (Sender Policy Framework): Verifies that emails come from an authorised server.
- DKIM (DomainKeys Identified Mail): Adds a digital signature to confirm the message has not been tampered with.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Tells email providers what to do with messages that fail SPF or DKIM, helping to block spoofed emails.
Although these changes are being enforced for senders of 5,000+ emails per day, the best practice is clear. Any business sending emails from its own domain should have these protections in place.
Why It Matters for Small Businesses
You do not need to send thousands of emails for this to apply to you. If you use email for quotes, customer updates, invoices, newsletters or support, then your reputation relies on those messages arriving securely and being trusted.
Here is why every small business should care:
- Improves deliverability: Authenticated emails are more likely to reach inboxes rather than spam folders.
- Protects your brand: Prevents criminals from spoofing your domain and sending fake emails in your name.
- Builds trust: Customers are more likely to open and act on your messages if their email provider marks them as safe.
Even one phishing attack using your company name could damage your credibility and put customers at risk.
What You Need to Do Next
If you own a domain name and send emails from it, check that your DNS settings include the following:
- SPF record: Lists the servers allowed to send email on your behalf.
- DKIM setup: Allows your email platform to digitally sign outgoing messages.
- DMARC policy: Instructs receiving mail servers how to handle unauthenticated messages and sends reports back to you.
You can usually find these settings in your domain registrar or email provider’s control panel. For Microsoft 365 users, this is already part of the ecosystem and can be configured through the admin centre.
Not Sure Where You Stand? Scan Your Domain for Free
Want to know if your business email is properly protected?
You can use our free domain scan tool on the Techscend website to check whether SPF, DKIM and DMARC are set up correctly. It only takes a few seconds and gives you instant insights.
Common Pitfalls to Avoid
- No SPF record at all: This is the bare minimum and should be set immediately.
- Using a third-party sender without updating SPF: If you use tools like Mailchimp or Xero, your SPF must include them.
- No DMARC policy: Without this, you are missing out on valuable reports and leaving your domain unprotected.
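The pitfalls above can be checked mechanically once the TXT records have been looked up. The following is an added example, not Techscend's scan tool: it audits already-fetched records for a missing SPF record, a third-party sender absent from SPF, and a missing or report-only DMARC policy. The domain, the record values and the `spf.newsletter.example` include host are constructed placeholders, and DKIM is left out because its record sits under a provider-specific selector name.

```python
# Constructed sample TXT records; example.com and the include hosts are placeholders.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}

def parse_tags(record):
    """Split a DMARC-style 'k=v; k=v' record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, txt, required_includes=()):
    """Return findings for the pitfalls above, given already-fetched TXT records."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records (evaluates as a permanent error)")
    else:
        raw = spf[0].lower().split()[1:]          # terms after the version tag
        terms = [t.lstrip("+-~?") for t in raw]   # drop SPF qualifiers
        includes = {t.split(":", 1)[1] for t in terms if t.startswith("include:")}
        for needed in required_includes:
            if needed.lower() not in includes:
                findings.append(f"SPF does not include third-party sender {needed}")
        if "+all" in raw or "all" in raw:
            findings.append("SPF ends in +all, which authorises every server")
    dmarc = [r for r in txt.get("_dmarc." + domain, [])
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        findings.append("no DMARC policy")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() == "none":
            findings.append("DMARC policy is p=none (monitoring only)")
        if "rua" not in tags:
            findings.append("DMARC has no rua address, so no aggregate reports arrive")
    return findings

if __name__ == "__main__":
    for finding in audit("example.com", SAMPLE_TXT, ["spf.newsletter.example"]):
        print(finding)
```

To run it against a live domain, fill the dictionary from a TXT lookup of the domain and of `_dmarc.` plus the domain, and pass the SPF include hosts your sending platforms document.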
Better Email Security Starts Here
This update from Microsoft is part of a wider shift to make email more secure. Regardless of how many messages you send, setting up SPF, DKIM and DMARC is an important step in protecting your communications.
At Techscend, we help small businesses improve their security and manage their Microsoft 365 setup the right way. If you’re not sure where to start, try our free domain scan or contact us for expert support.