As of May 5, 2025, Microsoft started enforcing stricter authentication requirements for bulk email senders targeting their consumer domains (hotmail.com, outlook.com, live.com, etc.). The most visible sign of these changes is the SMTP rejection: “550 5.7.515 Access denied, sending domain [SendingDomain] does not meet the required authentication level.”
This error indicates that the sending domain has not properly implemented domain-based authentication, specifically SPF, DKIM, and DMARC, which aligns with Microsoft’s updated sender guidelines.
Wondering if you’re affected by this new requirement? Specifically, are you trying to tell if you’re having deliverability troubles resulting in mail being rejected by Microsoft? We’ll dive into three ways to identify if your Microsoft mail is being blocked.
Find your blocked Microsoft emails
Ultimately, there are three ways you can investigate and identify if (or potentially if) your email sends are being rejected, or are likely to be rejected, because of a failure to comply with these new requirements.
Your options are:
- Check your email service provider, newsletter platform, CRM tool, or email marketing software to identify whether or not Hotmail.com and Outlook.com are rejecting emails with this specific SMTP rejection.
- If you can’t easily access the “raw” or detailed bounce/SMTP rejection information in your email service provider, newsletter platform, CRM tool, or email marketing software, review the campaign or send reporting instead, looking for elevated rates of bounces/rejections for sends specific to hotmail.com and outlook.com.
- Use Valimail Monitor to look for elevated levels of authentication failures across one or more of the sending services identified within our platform.
1. Find provider-specific links for viewing SMTP bounces
To find SMTP rejections or bounces from an email campaign, where you go and what data you’ll see depends on the email sending platform (email service provider, CRM tool, newsletter, or email marketing platform) you’re using. Though you’re generally looking for the same thing (evidence of the new “550 5.7.515 Access denied” rejections), each platform logs these and other bounces differently, and the level of detail available—whether granular for troubleshooting or summarized for reporting—varies significantly. Some provide full SMTP response codes and bounce classifications in dashboards or downloadable logs, while others offer only high-level summaries. You’ll need to review your platform’s documentation or support resources to understand where and how this information is presented, and you may need to reach out to the platform’s support team for assistance.
Here are links to more information regarding where to find more information about specific SMTP rejections and bounces for some of the top email marketing platforms and email service providers.
- Mailchimp: View Bounce Reasons. Learn from recent campaigns how to view bounce details, including SMTP replies.
- Salesforce Marketing Cloud: Bounce Mail Management. Use the _Bounce data view and SQL queries to locate SMTP rejections like 550 5.7.515.
- SendGrid (Twilio): Delivered, Bounced, Blocked & Deferred Emails. Track bounces via the Email Activity dashboard or Event Webhook, and view detailed SMTP responses.
- Amazon SES: Troubleshoot Undelivered Emails. Parse bounce notifications received via Amazon SNS to identify Microsoft-specific SMTP errors.
- AWeber: Understanding Bounced Emails. Check subscriber activity history for bounce reasons related to domain-level authentication.
- Constant Contact: Undeliverable and Blocked Bounces. View bounce categories and learn how Constant Contact classifies blocked messages.
- Klaviyo: Bounced Emails Overview. Use campaign reports to drill down into bounce types and domain-level delivery failures.
- HubSpot: How to View and Resend to Bounced Contacts. Find bounced recipients by email domain and review their associated error messages.
- Campaign Monitor: Bounce Report Details. Review bounced emails with SMTP reasons, and filter by Microsoft domains as needed.
2. Look for elevated bounce rates
Another indicator that your email messages are likely being rejected by Microsoft consumer domains (such as outlook.com, hotmail.com, or live.com) is based on finding a noticeable spike in bounce rate for those specific domains. Most email marketing platforms provide high-level campaign performance metrics. If you’re seeing a significantly higher bounce percentage for Microsoft addresses compared to other domains, it’s a strong sign that something’s wrong. This can happen even when messages to non-Microsoft recipients are being delivered fine, making the Microsoft bounces stand out more clearly in your domain-by-domain breakdowns.
Your best next step is to drill down into bounce reports and look at the SMTP error messages associated with those Microsoft bounces. If that leads you to find “550 5.7.515 Access denied, sending domain [SendingDomain] does not meet the required authentication level” SMTP rejections. You’ve definitely found proof that the messages you send are affected.
3. Uncover issues with Valimail Monitor
Another valuable solution for diagnosing and preventing Microsoft-related delivery issues is Valimail Monitor. It provides a comprehensive view of all the sources sending email on behalf of your domain and how well those messages are authenticated. Monitor ingests DMARC aggregate reports and visualizes which sending services are passing or failing SPF, DKIM, and DMARC, making it easy to spot trouble spots across your email ecosystem.
If you’re worried about Microsoft rejections, Valimail Monitor can help you identify which of those sources are most likely at risk. Reviewing the Authentication Failures section of the dashboard, you can identify which third-party platforms or internal services are sending unauthenticated emails that lack proper alignment. These sources represent your highest risk of Microsoft blocking, especially under the new requirements that now strictly enforce domain-level authentication for bulk senders.
Proactively reviewing your Monitor dashboard lets you isolate and remediate problematic senders by configuring SPF and DKIM correctly, aligning the From domain, or removing unauthorized sources entirely. It’s essential in tightening your authentication posture and reducing the chances of being blocked at the inbox level.
3. Confirm compliance with Valimail’s Email Analyzer Report
Valimail’s Email Analyzer Report is a powerful diagnostic feature that helps senders verify whether their email authentication setup aligns with the current industry requirements, including those recently enforced by Microsoft for high-volume senders. After you send a test message to the analyzer address, Valimail generates a detailed report breaking down SPF, DKIM, DMARC, and other crucial authentication factors.
To confirm compliance with Microsoft’s updated policies, you’ll want to pay close attention to three things:
- That SPF passes for the domain shown in the “Mail From”/Return-Path.
- That DKIM passes for a domain that aligns with the visible “From” address.
- That DMARC passes due to alignment with either SPF or DKIM (preferably both).
The report clearly shows whether these mechanisms passed and whether domain alignment criteria were met. Microsoft now checks these key elements as part of its delivery policies for consumer inboxes.
Get access to your Email Analyzer Report for free: Just log in to your Valimail account (or create one today) and click on Email Analyzer Report from the side panel to get started.
Start your DMARC journey today
It’s easy and free to get started with Valimail Monitor. Our platform continuously monitors your email authentication, automatically identifies all your legitimate senders, and helps you prepare for modern sender compliance requirements.
