Reference: Policies, practices, and guidelines


Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft Defender portal trials hub. Learn about who can sign up and trial terms here.

Microsoft is dedicated to helping provide the most trusted user experience on the web. Therefore, Microsoft has developed various policies, procedures, and adopted several industry best practices to help protect our users from abusive, unwanted, or malicious email. Senders attempting to send email to users should ensure they fully understand and are following the guidance in this article to help in this effort and to help avoid potential delivery issues.

If you aren't in compliance with these policies and guidelines, it may not be possible for our support team to assist you. If you're adhering to the guidelines, practices, and policies presented in this article and are still experiencing delivery issues based on your sending IP address, follow the steps to submit a delisting request. For instructions, see Use the delist portal to remove yourself from the blocked senders list.

General Microsoft policies

Email sent to Microsoft 365 users must comply with all Microsoft policies governing email transmission and use of Microsoft 365.

  • Terms of Services applicable to Microsoft 365; in particular, the prohibition against using the service to spam or distribute malware.
  • Microsoft Services Agreement

Governmental regulations

Email sent to Microsoft 365 users must adhere to all applicable laws and regulations governing email communications in the applicable jurisdiction.

Technical guidelines

Email sent to Microsoft 365 should comply with the applicable recommendations listed in the following documents (some links are only available in English).

In addition, email servers connecting to Microsoft 365 must adhere to the following requirements:

  • The sender is expected to comply with all technical standards for the transmission of Internet email, as published by The Internet Society's Internet Engineering Task Force (IETF), including RFC 5321, RFC 5322, and others.
  • After given a numeric SMTP error response code between 500 and 599 (also known as a permanent non-delivery response or NDR), the sender must not attempt to retransmit that message to that recipient.
  • After multiple non-delivery responses, the sender must cease further attempts to send email to that recipient.
  • Messages must not be transmitted through insecure email relay or proxy servers.
  • The mechanism for unsubscribing, either from individual lists or all lists hosted by the sender, must be clearly documented and easy for recipients to find and use.
  • Connections from dynamic IP addresses might not be accepted.
  • Email servers must have valid reverse DNS records.

Reputation management

Senders, ISP's, and other service providers should actively manage the reputation of your outbound IP addresses.

Microsoft 365 limits

Senders must adhere to Microsoft 365 limits listed in Exchange Online Protection Limits.

Email delivery resources and organizations

Microsoft actively works with industry bodies and service providers in order to improve the internet and email ecosystem. These organizations have published best practice documents that we support and recommend senders adhere to. Adhering to these recommendations improves your ability to deliver email among several email service providers around the world.

Abuse and spam reporting

To report unlawful, abusive, unwanted or malicious email, see Report messages and files to Microsoft. Sending these types of communications is a violation of Microsoft policy, and appropriate action is taken on confirmed reports.

Law enforcement

If you're a member of law enforcement and wish to serve Microsoft Corporation with legal documentation regarding Microsoft 365, or if you have questions regarding legal documentation that you submitted to Microsoft, call +1 (425) 722-1299.