MicrosoftMicrosoftWe have been blocked by outlook.com, hotmail.com etc. since last Monday with the following error: 5.7.515 Access denied, sending domain doesn't meet the required authentication level. The sending domain in the 5322.from address does not fulfil the authentication requirements defined for the sender.
This only happens on a sender address with the same subject. We have SPF, DKIM and DMARC = Pass. How can this be? What can we do? The whole thing is business-critical!
Hai Andy1860
Your email might be authenticated (SPF/DKIM/DMARC pass), but Microsoft requires that the domain in the From address also align with the domain used for SPF/DKIM signing (a policy called "domain alignment").
This policy was tightened by Microsoft in 2024, in line with industry-wide anti-spam efforts (DMARC enforcement).
Verifying Header Alignment:
We’re reviewing the headers to ensure the 5322.From (the sender’s visible email address) matches the domain used in SPF and DKIM authentication.
Fixing Domain Alignment:
If there’s a mismatch — e.g., if the From: is email address removed for privacy reasons, but the SPF/DKIM are configured for mailer.yourcompany.com — we are either:
Adjusting the From: domain to align with the authenticated domain, or
Configuring custom DKIM/SPF records on your sending domain to align fully.
Testing & Revalidating:
After the above changes, we’ll test again to ensure the error no longer occurs and messages are accepted by Microsoft servers.
Please feel free to email me at j a i s u n d a r 2 0 2 5 @ o u t l o o k . c o m so we can discuss this further in detail.
