Microsoft announced that starting from April 2020, they are implementing Office365 Advanced Threat Protection (ATP). This change can impact your email deliverability to Office365 emails if you are sending through Omnisend shared domains.

Contents

Why was this change made?
Protect your account
Monitor your Campaigns and Automation workflows
Key points

Why was this change made? 

Because of the impact of phishing attacks as, when it comes to protecting its users, Microsoft takes the threat of phishing seriously. The company believes that the risk of continuing to allow sending an unauthenticated email is higher than the risk of losing a legitimate email. But let's get back to the very beginning and find out what was changed as well as how you can protect yourself.
 

Check if it impacts you

Since April 2020, clients who are using one of our shared domains may start to see an increase in their bounce rates. Keep in mind that we are talking about Office365 emails only. If you do not have any customers who are using this provider – you do not need to take any further actions. Your campaigns and bounce rates will not be affected even if you will keep sending through our shared domains.
 

Protect your account

If your customer list contains Office365 emails, you should consider starting to send through your own signed domain. How is it supposed to help you may ask? In the email client (Outlook, Gmail, Yahoo, or any other), only the "From:" domain is displayed, and that can mislead the user into thinking that the message came from YourDomain.com. In fact, it came from MaliciousDomain.com.

In the screenshot below, you can see an example of how your sender's email (From:) looks like in Outlook:

Although you can see that it is sent from Omnisend email, you cannot be sure if the sender's domain belongs to Omnisend or is it just someone pretending to be Omnisend.

That's why Microsoft is asking to align your sender's email with the sender's domain (or subdomain). Only then will Microsoft filters be sure that you are an authenticated sender and will pass your email.

Once you start to send through your own signed domain, you will be the one responsible for its reputation. Keep in mind that you will need to take some extra time to warm the domain up. When warming your sender's reputation, we are highly recommending you to use our segmentation and start to send to the most engaged audience first.

Monitor your Campaigns and Automation workflows

It is crucial to monitor your deliverability performance for both: your campaigns and automated workflows as it helps to identify possible problems at the early stage. Right now, when Office365 changes took place, you should pay even more attention to your bounce rate.

You can track open, click, spam, unsubscribe and bounce rates of your campaigns over time in Omnisend Reports part:

Key things to note:

Please take into account that once custom domain will be signed, at the very beginning you will not be able to send to all your contacts. The warm-up is mandatory to keep your sender's reputation on a high level, otherwise, you can destroy the sender's reputation that you have built. This means it can have an impact not only on Office365 emails but for all of your clients.

Sending from the custom domain is one of the mostly recommended good sending practices, however, it will serve you only if you will be patient and responsible. Possibility to send from your own domain can do both: increase your metrics or harm you. Everything depends on your decisions so, please before signing the domain evaluate if you really need it.

  • Identify if your account will be affected;
  • Take a decision and if needed sign a custom domain;
  • Warm-up your sender's reputation by following our good practices;
  • Get the best possible deliverability results.

Remember, deliverability to Microsoft is not guaranteed even if you authenticate email originating from your platform. Authentication only ensures that Microsoft does not junk your email just because it lacks authentication. 

 
You can find more detailed information about Office365 Advanced Threat Protection (ATP) in the official Microsoft article here.

Did this answer your question?