Provider deliverability · Outlook (Outlook.com / Hotmail / Live)
How to stop emails going to spam in Outlook

By Samuel Chenard · CEO & Co-Founder, Palisade · Reviewed July 17, 2026
To stop emails going to spam in Outlook, fix the four things Microsoft's filter actually scores: authentication that passes but doesn't align with your From domain, a rising junk-complaint rate, weak list hygiene and content signals, and a cold IP or domain with no sending history. Align SPF and DKIM first; that is the post-May-2025 junk trigger.
The 30-second check
Start with a 30-second reality check on the domain you send from. The free email security score grades your SPF, DKIM, and DMARC setup in one pass and shows whether the records that Outlook's filter checks are present, aligned with your From domain, and enforced. If mail is bouncing outright rather than landing in Junk, you have a blocking problem instead; see the Outlook blocking guide in the related pages below.
Check your domain now
Enter your sending domain and the check runs instantly on the next page. Free, no signup.
Why Outlook is blocking your email
| Likely cause | What's happening |
|---|---|
| Authentication passes, but not for your From domain | The top junk trigger since May 5, 2025, when Outlook.com started enforcing SPF, DKIM, and DMARC for domains sending 5,000+ messages a day and routing non-compliant mail to the Junk folder first, with rejection to follow. Microsoft's policy requires DMARC at least `p=none` that aligns "with either SPF or DKIM (preferably both)", and ESP defaults break exactly this: SPF passes on the platform's bounce domain and DKIM signs with the platform's domain, so nothing aligns with the address your recipients see. Delivered-but-junked is what this failure looks like from the outside. |
| Your junk-complaint rate is dragging SmartScreen down | Microsoft's postmaster documentation says SmartScreen weighs "the sending IP, domain, authentication, list accuracy, complaint rates, content and more", and singles out one of them: "one of the principal factors in driving down a sender's reputation and deliverability is their junk email complaint rate." Every recipient who clicks Junk votes your future mail into the spam folder, authenticated or not. |
| You started cold: new IP or domain, full volume, no warm-up | Per Microsoft's troubleshooting page, "IPs not previously used to send email typically don't have any reputation built up in our systems", so early mail defaults to Junk while history accumulates. Microsoft says a new IP "can expect to be fully ramped within a couple of weeks or sooner" if volume climbs gradually and complaints stay minimal. One useful shortcut in the same doc: a new IP added under your existing SPF records can inherit the domain's established reputation. |
| Content and list-accuracy signals | Microsoft names "list accuracy" and "content" among SmartScreen's inputs but publishes no specifics, so treat these as the adjustable dials after authentication and complaints. In practice that means mailing addresses that actually engage, and cutting the things filters historically dislike: link shorteners, mismatched link text, image-only bodies (our field experience, not a Microsoft-published list). |
| You're violating Microsoft's published sending policies | Outlook.com's policy page requires an unsubscribe mechanism that is "easy for recipients to find and use", valid reverse DNS on sending IPs, no more than 500 simultaneous connections without prior approval, and no retransmission after a 5xx rejection. Senders that keep hammering dead addresses or bury the opt-out link accumulate exactly the complaint and bounce profile SmartScreen punishes. |
| Recipients are junking you and you can't hear it | Outlook.com sends complaint feedback only to senders enrolled in the Junk Email Reporting Program, which "lets you receive reports when users junk your messages" per Microsoft's SNDS site. Unenrolled senders fly blind: the complaint rate climbs, placement worsens, and the first visible symptom is an inbox-placement collapse nobody can explain. |

How to fix it, step by step
Run the email security score on your sending domain
Use the free checker above (or at /tools/email-security-score). It grades SPF, DKIM, and DMARC in one pass and shows which record is missing, unaligned, or unenforced, so you fix the signal Outlook's filter is actually scoring instead of rewriting subject lines.
Check Microsoft's specific requirements
Run the same domain through the free Microsoft compliance checker at /tools/microsoft-compliance-checker. It tests against Microsoft's May 2025 sender requirements as published: SPF and DKIM passing, plus a DMARC record of at least
p=nonethat aligns with one of them.Align SPF and DKIM with your From domain
In every sending platform, enable the custom return path and generate DKIM keys for your own domain rather than keeping the platform defaults. Verify with /tools/spf and /tools/dkim: the domain that passes must match the visible From address, because that alignment is what Microsoft's DMARC requirement measures.
Enroll in SNDS and JMRP
Register your sending IPs in Smart Network Data Services to see Microsoft's own verdict on your traffic, and join the Junk Email Reporting Program so every junk click comes back to you as a report. Note SNDS is changing: trap-hit counts leave the Data Report on July 22, 2026.
Cut the complaint drivers
Microsoft names the junk-complaint rate a principal reputation factor, so act on the JMRP data: drop recipients who never engage, make the unsubscribe link easy to find and honor it immediately, and stop retransmitting after permanent 5xx failures (all three are published Outlook.com policy expectations).
Warm up, re-test, and keep DMARC reports flowing
Ramp new IPs and domains gradually; Microsoft's stated ramp is a couple of weeks when complaints stay low. Send a test to an Outlook.com mailbox and confirm spf=pass, dkim=pass, and dmarc=pass in the received headers, then monitor DMARC aggregate reports so the next unaligned sender surfaces in a report instead of the Junk folder.
Related free tools: Microsoft compliance checker · SPF checker · DKIM checker · DMARC checker · Domain reputation
If you send in volume: Outlook's published rules
Since May 5, 2025, Outlook.com enforces authentication for domains sending more than 5,000 messages a day to consumer addresses (outlook.com, hotmail.com, live.com): SPF and DKIM must pass, and DMARC must be published at minimum p=none (Microsoft recommends p=reject) with alignment to SPF or DKIM, preferably both. Enforcement is exactly this page's symptom: non-compliant mail is routed to the Junk folder first, and Microsoft's postmaster site states it will move to rejecting those messages until the DNS records are corrected (checked 2026-07-17). Below 5,000 a day the same checks still feed filtering, so treat them as the baseline at any volume.
Check your standing with Outlook
- Smart Network Data Services (SNDS)
Microsoft's own data on your sending IPs; in its words, "the data you need to understand and improve your reputation at Outlook.com". Free; register every IP you send from.
- Junk Email Reporting Program (JMRP)
Microsoft's feedback loop: it "lets you receive reports when users junk your messages", which makes your complaint rate visible instead of a guess.
- Outlook.com postmaster site
Microsoft's sender documentation hub: the May 2025 requirements, sending policies, and troubleshooting for filtered or blocked mail.
Bounce codes you may be seeing
Blocks in this cluster surface as specific SMTP codes. Match yours below; the linked guides cover each code's verbatim provider messages and full fix.
- 550 5.7.515 (sending domain does not meet the required authentication level): where junk placement is headed if authentication stays unaligned; Microsoft's documented follow-on rejection
- 550 5.7.509: the sending domain fails DMARC verification; fires once Outlook stops junking unaligned mail and starts refusing it Full guide →
- 421 RP-001 to RP-003: reputation-based throttling that often accompanies Junk placement on cold IPs Full guide →
The real root cause: unenforced authentication
Junk placement in Outlook is a reputation verdict, and every input above feeds the same ledger. Unaligned authentication caps your score no matter how clean the list is; a cold IP starts in Junk by default; and each junk click compounds, because Microsoft names the complaint rate a principal factor in deliverability. The durable fix is to make authentication a settled fact rather than a recurring project: SPF and DKIM correct for every sending service, DMARC aligned on the From domain, and the policy enforced at p=reject so spoofed mail can't generate complaints against your name. Monitoring the DMARC reports tells you which sender is about to cost you inbox placement; enforcement is what keeps the reputation you rebuild.
Enforce it — don't just monitor it
Palisade's AI agent takes domains all the way to enforcement: hosted SPF, DKIM, DMARC, and MTA-STS records, DMARC reports monitored continuously, and policies advanced to p=reject automatically. Your first domain is free, and the full product is open for 15 days, no card.
Free 15-day trial · No credit card · Your own domain free forever (NFR)
Fixing this across every client domain
Junk-folder tickets are the worst kind for an MSP because nothing bounces: the client insists mail "sends fine" and the evidence sits in fifty recipients' Junk folders. Microsoft scores every client domain separately, so alignment, SNDS registration, JMRP enrollment, and warm-up are per-domain chores. Palisade collapses that: it hosts and manages SPF, DKIM, DMARC, and MTA-STS records for every client domain, surfaces unaligned senders from DMARC reports before placement collapses, and drives each domain to p=reject automatically. Alerts land in ConnectWise, HaloPSA, or Autotask via native PSA integrations; pricing is $9 per domain per month, dropping to $7 at 100+ domains and $5 at 1,000+, and your own MSP domain runs free as an NFR domain.
Frequently asked questions
Related guides
550 5.7.509421 4.7.0adkim / aspfp=nonep=rejectinclude: