If you are wondering why your mail is going to spam, or not arriving at all, in Hotmail, Outlook or Microsoft Live, whether you mean the email you are receiving in your Hotmail or Outlook account, or the email that you are sending to Hotmail or Outlook, this may be why, especially if it just started happening.
There is something known as email authentication. Actually there are at least three different mechanisms that are three different methods of email authentication. What email authentication means is providing a way that proves to the service that hosts your inbox that the email being sent to you is actually from the person or company that it claims to be from. This is really important, as email spoofing (making email look like it’s from someone that it’s not) is one of the primary methods of scamming through email. (For a really great example of how spoofing email allowed a criminal to gain access to millions of dollars, see How Displaying Sender’s Contact Image and Info in Email Allows Scammers to Steal from You.)
So email authentication is really important. The three main mechanisms for email authentication are called SPF, DKIM, and DMARC. See here for a plain English explanation of each of these email authentication mechanisms.
But what does this have to do with your email not arriving or otherwise disappearing in Hotmail and Outlook, or Hotmail and Outlook putting email in the spam folder?
Here’s what: DMARC authentication is how email senders tell the inbox providers what those inbox providers should do with email that claims to be from the sender, but that doesn’t pass authentication with one or both of the other two authentication mechanisms (SPF and DKIM). Essentially DMARC says “if you can’t prove that the email really came from me, do X with it”, where X is one of several options, including reject it.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Here’s how it works; let’s say that the email being sent is from joe@example.com. Example.com’s DMARC says “if you can’t prove either with SPF or DKIM that this email is really being sent by example.com, reject it.” In other words, if you can’t authenticate it with either SPF or DKIM, reject it.
Now up until just now Microsoft wasn’t necessarily being strict about following the “reject it” request in a sender’s DMARC. But now they are. Microsoft announced this month that if the stated policy in a given sender’s DMARC says to reject email that claims to come from them if it can’t be authenticated, then Microsoft will reject it, which means bouncing it instead of delivering it to Hotmail, Outlook, or MS Live inboxes. And, generally speaking, this is a good thing, because it means that bad guys who spoof that sender’s email in order to scam you will no longer be able to get through to you.
BUT, and it’s a big but, there are a whole lot of email senders who have in their DMARC to reject email if it doesn’t pass SPF or DKIM, and who also don’t have their SPF or DKIM set up properly (this according to our friends over at GetToTheInbox.com) and so this may be why you either suddenly aren’t able to receive email from a particular sender, or you are unable to get the email you send delivered into those Microsoft inboxes.
If you are an email sender experiencing this issue, make sure that your SPF and/or DKIM are set up properly (if you need help figuring this out, the folks over at GetToTheInbox.com can help). If you are an email recipient who is suddenly experiencing this issue when friends or companies are trying to send email to you, tell them to check their SPF and DKIM, and their DMARC reject policy.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.