You Have 17 Days To Comply — New Rules Impact 500 Million Outlook Users
Email has been both a blessing and a curse for billions of users. Unfortunately, it's definitely been a blessing for hackers and a curse for consumers who receive their phishing attacks, malware attachments and more. Although highly-targeted 'spear' phishing attacks are increasingly seen as the way to go by sophisticated threat actors, there's no doubting the broad impact that spray-and-pray scammers, sending large volumes of email on a daily basis, have on the email ecosystem. It's these malicious spam floods that can cause the most significant security issues, and it's these that Microsoft is focusing on as it introduces new email security rules impacting the 500 million users of outlook.com, including hotmail.com and live.com addresses. Here's what you need to know and do before May 5.
Google has already taken action against the problem of malicious bulk senders impacting the security of users of the Gmail service by introducing new sender authentication requirements on April 1. The point of these news rules is to mitigate the risk of criminals using unauthenticated or compromised domains to deliver dangerous payloads. Now, at last, Microsoft is following suit and introducing similar rules to 'reduce the likelihood of spam and spoofing campaigns reaching our user base,' according to an April 2 Microsoft announcement on the Windows Defender security blog.
Applying to domains sending more than 5,000 emails in a single day, and to the Outlook.com consumer service that supports hotmail.com, live.com, and outlook.com consumer domain addresses, the May 5 rules will require mandatory Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting, and Conformance compliance. 'Non‐compliant messages will first be routed to Junk,' Microsoft said, and eventually rejected if issues remain unresolved.If you are sending marketing materials, or maybe just run a large hobby mailing list, you need to take note.
The full email authentication process has been explained in some detail by Microsoft, but the bullet point compliance requirements are as follows:
'These measures will help reduce spoofing, phishing, and spam activity,' Microsoft said, 'empowering legitimate senders with stronger brand protection and better deliverability.' This mirrors the statements made by Google regarding the introduction of mandatory strong email sender authentication to protect users of the Gmail service.
To meet the May 5 deadline, however, organizations must first set up email addresses to receive DMARC reports. 'If you are set up for DMARC,' Faisal Misle, the technical lead at Red Sift, said, 'receiving the reports is part of the DMARC protocol to protect you against spoofing and improve overall email deliverability.' Misle warned that the market is filled with DMARC providers and choosing the right one is paramount. 'My best advice is to pick the DMARC provider that, yes, gets you quick results,' Misle concluded, 'but also helps you visualize the problem by prioritizing the results.'
If you are a bulk sender of email using the Outlook.com platform, take heed and act now — time is fast running out.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
41 minutes ago
- Tom's Guide
It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May. As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome. It was initially reported on a week ago by members of Google's Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers. In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks. Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
CNET
an hour ago
- CNET
Walmart Deals of the Day: Dyson's Powerful Big Ball Vacuum Is $150 Off
While we don't have the official dates quite yet, Amazon has confirmed that its next Prime Day sale will be in July. But you don't have to wait until next month to start scoring big savings. Walmart offers some great deals year-round, and CNET is here to help you make the most of them. Every day, we single out some of the absolute best bargains available, and for today, June 3, that includes $150 off a powerful Dyson vacuum, $50 off a top-rated Google security camera and a pro-grade SteelSeries streaming mic that's $160 off. This Dyson combines the power of a corded vacuum with the maneuverability of a cordless model for serious versatility. It boasts 250 air watts of suction to tackle serious messes on both carpet and hardwood floors, and the wand features 360-degree articulation to help you reach all the nooks and crannies. It's also equipped with whole-machine filtration that traps dust, allergens and other particulates as small 0.3 microns. Plus, it has a large 1.5-liter dust bin which is easy to empty with the press of a button. This Google Nest Cam is one of the top security cameras on the market right now. It's weather-resistant, so you can use it outdoors as well as indoors, and it's battery-powered, which makes it easy to install. It boasts 1080p video resolution with night vision, and you can check in anytime with a 24/7 live feed. Plus, it will automatically store three hours of video footage when there's activity detected. Our reviewer was also impressed with its AI detection capabilities, which can tell the difference between people, animals and vehicles and will send accurate notifications straight to your phone. It's also equipped with two-way audio so you can easily chat with visitors or delivery drivers. If you're an aspiring streamer or podcaster, this deal is a great chance to upgrade your setup without breaking the bank. This pro-grade microphone is equipped with an extra-large capsule for richer, fuller broadcast-quality audio, and this deal includes SteelSeries' Sonar sound mixing software so you can easily customize your recording. Plus, it comes with an XLR stream mixer with mappable controls so you can adjust your audio on the fly.
CNET
an hour ago
- CNET
I Tried Microsoft's New Free AI Video Generator: Here's How to Use It
Microsoft has a new, free tool to let you create AI-generated videos: the Bing Video Creator. When I tried it out just now, typing in a text prompt, in less than a minute the app generated a 5-second video of the Bing logo on an inflatable floating in a pool along with flamingo and donut floaties. There are some limitations -- for starters, the 5-second length. Also, for now, videos are only in a 9:16 vertical format; Microsoft says a 16:9 horizontal format will be available soon. Users have the option of making a "fast" or "standard" video. Fast, which is the default, is almost instantaneous, while Standard can take hours, according to the app. Fast requires the use of Microsoft Rewards points, which can be earned with Bing searches and Microsoft Store purchase, among other ways. This is a frame from the 5-second video that Bing Video Creator whipped up for me. In the video, the water ripped gently and the floats bobbed lightly. Created by Omar Gallaga using Bing Video Generator The feature is currently only on the Bing Search mobile app, but is coming to Windows desktops and Copilot Search, according to the company. It's powered by OpenAI's Sora video technology Bing Video Creator joins other major AI-driven video creation tools, including Sora from OpenAI's ChatGPT, Adobe Firefly, Google Veo, Runway and Meta Movie Gen. You can check out what Google's latest Veo 3 feature can do for those willing to pay for Gemini Ultra. The technology is moving quickly, with more and more options becoming available, some offering free access, others charging a fee or including them in AI-service subscriptions. How to use Bing Video Creator It's not instantly intuitive how to find or use the Video Creator, especially if you're not already using the Bing Search app. In the app, I accessed the feature by clicking on the box on the bottom right of the home screen. That brings up lots of apps within the app; look for "Video Creator" on the bottom left. There, you can create a still image or video by typing in a text prompt. Using the Fast option, which is the default, should generate the short video in moments. You can also type "Create a video of..." directly in the app's main search bar if you don't want to hunt for the feature. You can download and share the video. When I tried it out, I found the video was not very high quality and was not easy to download directly from the app. Sharing a link to the video creation and viewing it outside the app offers an option to download the full video. Microsoft says it will keep your video creations available for 90 days.
