Blog Post

Microsoft Defender for Office 365 Blog
5 MIN READ

Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders

Puneeth's avatar
Puneeth
Icon for Microsoft rankMicrosoft
Apr 02, 2025

This applies to Outlook.com - our consumer service, which is supporting hotmail.com live.com and outlook.com consumer domain addresses.

April 29th Update - Changes have been made to the action take on messages that do not meet requirements, please see details below. Introduction In an era where email remains one of the most widel...
Updated Apr 30, 2025
Version 4.0
awareness & training
email protection basics
Cdary's avatar
Cdary
Copper Contributor
Jun 26, 2025

SRS is a solution, why do you thing it breaks DKIM ?

Andersin's avatar
Andersin
Copper Contributor
Jun 26, 2025

SRS rewrites headers that are covered with the original DKIM signature.

Of course you can add a new DKIM signature, but it only proves that the mail was re-sent by the forwarding server.

From the security aspect, bad actors may trivially mimic SRS and there is no way for the receiver to differentiate legitimate and  fake relayed mail.

  • markalleyTJX's avatar
    markalleyTJX
    Copper Contributor
    Jun 26, 2025

    SRS rewrites the RFC5321.mailfrom (envelope from), which is input prior to the SMTP DATA command. DKIM (in its current iteration) can only sign headers added during the DATA stage.

    Currently SRS has no relation to DKIM whatsoever.

    • Andersin's avatar
      Andersin
      Copper Contributor
      Jun 26, 2025

      I stand corrected but modifying only the RFC5321.mailfrom leads to DMARC alignment failure.

      • Cdary's avatar
        Cdary
        Copper Contributor
        Jun 26, 2025

        RFC5321.mailfrom alignment is not necessary for DMARC validation, as long as DKIM pass & align.