Microsoft announced that starting in April 2020, they are implementing Office 365 Advanced Threat Protection (ATP). This change can impact your email deliverability to Office 365 emails if you are sending through Omnisend shared domains.

Due to the impact of phishing attacks, Microsoft takes the threat of phishing seriously when it comes to protecting its users. The company believes that the risk of continuing to allow sending an unauthenticated email is higher than the risk of losing a legitimate email. But let's get back to the very beginning and find out what was changed as well as how you can protect yourself.

Since April 2020, clients who are using one of our shared domains may start to see an increase in their bounce rates. Keep in mind that we are talking about Office 365 emails only. If you do not have any customers who are using this provider, you do not need to take any further actions. Your campaigns and bounce rates will not be affected even if you keep sending through our shared domains.
​ 

If your customer list contains Office 365 emails, you should consider starting to send through your own signed domain. How is it supposed to help you, may ask? In the email client (Outlook, Gmail, Yahoo, or any other), only the "From:" domain is displayed, and that can mislead the user into thinking that the message came from YourDomain.com. In fact, it came from MaliciousDomain.com.

In the screenshot below, you can see an example of how your sender's email (From:) looks in Outlook:

Although you can see that it is sent from Omnisend email, you cannot be sure if the sender's domain belongs to Omnisend or if it is just someone pretending to be Omnisend.

That's why Microsoft is asking to align your sender's email with the sender's domain (or subdomain). Only then will Microsoft filters be sure that you are an authenticated sender and will pass your email.

Once you start to send through your own signed domain, you will be the one responsible for its reputation. Keep in mind that you will need to take some extra time to warm the domain up. When warming your sender's reputation, we highly recommend you use our segmentation and start sending to the most engaged audience first.

It is crucial to monitor your deliverability performance for both your campaigns and automated workflows, as it helps to identify possible problems at an early stage. Right now, when Office 365 changes take place, you should pay even more attention to your bounce rate.

You can track open, click, spam, unsubscribe, and bounce rates of your campaigns over time in Omnisend Reports.

Please take into account that once a custom domain is signed, at the very beginning, you will not be able to send it to all your contacts. The warm-up is mandatory to keep your sender's reputation on a high level. Otherwise, you can destroy the sender's reputation that you have built. This means it can have an impact not only on Office 365 emails but on all of your clients.
​

Sending from the custom domain is one of the most recommended good sending practices. However, it will serve you only if you are patient and responsible. The possibility of sending from your own domain can do both: increase your metrics or harm you. Everything depends on your decisions, so please, before signing the domain, evaluate if you really need it.

Remember, deliverability to Microsoft is not guaranteed even if you authenticate email originating from your platform. Authentication only ensures that Microsoft does not junk your email just because it lacks authentication. 

 
You can find more detailed information about Office 365 Advanced Threat Protection (ATP) in the official Microsoft article here.