Microsoft announced that starting in April 2020, they are implementing Office365 Advanced Threat Protection (ATP). This change can impact your email deliverability to Office365 emails if you are sending through Omnisend shared domains.

Because of the impact of phishing attacks, when it comes to protecting its users, Microsoft takes the threat of phishing seriously. The company believes that the risk of continuing to allow sending an unauthenticated email is higher than the risk of losing a legitimate email. But let's get back to the very beginning and find out what was changed as well as how you can protect yourself.

Since April 2020, clients who are using one of our shared domains may start to see an increase in their bounce rates. Keep in mind that we are talking about Office 365 emails only. If you do not have any customers who are using this provider – you do not need to take any further actions. Your campaigns and bounce rates will not be affected even if you will keep sending through our shared domains.
​ 

If your customer list contains Office365 emails, you should consider starting to send through your own signed domain. How is it supposed to help you may ask? In the email client (Outlook, Gmail, Yahoo, or any other), only the "From:" domain is displayed, and that can mislead the user into thinking that the message came from YourDomain.com. In fact, it came from MaliciousDomain.com.

In the screenshot below, you can see an example of how your sender's email (From:) looks like in Outlook:

Although you can see that it is sent from Omnisend email, you cannot be sure if the sender's domain belongs to Omnisend or if is it just someone pretending to be Omnisend.

That's why Microsoft is asking to align your sender's email with the sender's domain (or subdomain). Only then will Microsoft filters be sure that you are an authenticated sender and will pass your email.

Once you start to send through your own signed domain, you will be the one responsible for its reputation. Keep in mind that you will need to take some extra time to warm the domain up. When warming your sender's reputation, we highly recommend you use our segmentation and start sending to the most engaged audience first.

It is crucial to monitor your deliverability performance for both your campaigns and automated workflows as it helps to identify possible problems at the early stage. Right now, when Office365 changes take place, you should pay even more attention to your bounce rate.

You can track open, click, spam, unsubscribe, and bounce rates of your campaigns over time in Omnisend Reports.

Please take into account that once a custom domain is signed, at the very beginning you will not be able to send it to all your contacts. The warm-up is mandatory to keep your sender's reputation on a high level. Otherwise, you can destroy the sender's reputation that you have built. This means it can have an impact not only on Office365 emails but on all of your clients.
​

Sending from the custom domain is one of the most recommended good sending practices. However, it will serve you only if you will be patient and responsible. The possibility to send from your own domain can do both: increase your metrics or harm you. Everything depends on your decisions so please before signing the domain evaluate if you really need it.

Remember, deliverability to Microsoft is not guaranteed even if you authenticate email originating from your platform. Authentication only ensures that Microsoft does not junk your email just because it lacks authentication. 

 
You can find more detailed information about Office365 Advanced Threat Protection (ATP) in the official Microsoft article here.