Dedicated email domain with Microsoft 365

Modified on Thu, 20 Jun at 10:16 AM

Overview: to ensure outbound email has the best possible reputation score "out of the box", without using expensive "Email Reputation Consultants", follow this tested guide.


  • Step 1: Register a new domain (or recycle an existing one) that will be used exclusively to send email, not for website access
    • It is vital that no custom DNS records be added, not even a WWW web server
  • Add to Microsoft 365, and configure Microsoft to host the DNS zone (not a 3rd-party ISP)
    • IMPORTANT:
      • Do NOT add any custom DNS records (apart from DKIM/DMARC & BIMI below)
        • Organizations with a trademarked logo should add a BIMI record and VMC certificate; contact us for assistance (average certificate cost $1000 to $1500 per year, depending upon CA provider)
      • Do NOT edit the SPF record, MX record or any other records
      • Do NOT add a WWW record or any other website record
      • If you want to know why, expect a consultancy fee; after all, this valuable article is being provided to you for free!
      • ..."but what about the website?" Please go back to Step 1
  • Enable DKIM in Exchange Online and Microsoft DNS
  • Add DMARC record to domain, using the strict ("reject") format:
  • Add List-Unsubscribe rule to Exchange Online mail flow
    • Exchange Admin Centre > Mail flow > Rules > Add > Add Rule: Modify Messages
      • Name: List-Unsubscribe
      • Apply rule if: The sender | domain is my-domain-name.com 
      • Do the following: Modify the message properties | set a message header
        • Set the message header: List-Unsubscribe
        • ...to the value: <mailto:unsubscribe@my-domain-name.com?subject=unsubscribe>
      • Rule mode: Enforce
        [Finish]
      • Status: Enabled
    • Make sure that the unsubscribe@ email address is added as an alias to a real user mailbox so that unsubscribe requests are received and can be honored.
  • Add BIMI brand logo
  • Disable IMAP/POP/SMTP for all users whose primary domain is this dedicated email domain; users must ONLY send using Outlook Desktop (MAPI), Exchange ActiveSync, Exchange Web Services (EWS) protocols, or Outlook online (OWA) thus removing their office or broadband IP from the email header.
    • Enforce MFA on all users, such as Microsoft Authenticator app & SMS
    • Instruct iPhone and Android users to send using the Microsoft Outlook app rather than built-in mail apps
  • CONTENT (phone numbers): Ensure any "tel://" links or plain telephone numbers are registered
    • Many responsible providers are using 3rd-party verification of telephone numbers, and if your numbers are not registered they may be scored negatively, affecting the overall "unsolicited" score of your emails
    • Some verification providers have allowed businesses to register their numbers for free, such as Hiya - see https://www.hiya.com/products/registration
  • CONTENT (general): Ensure email signatures and email content adhere to "good practice" for emails, such as:
    • Subject line: maximum of 255 characters (160 is safer limit)
    • Recipients: maximum number of recipients generally 300 (50 is safer limit)
    • Other limits:
      • No more than 30 emails per minute, and no more than 10,000 per day
      • 25 MB maximum attachment size (10 MB is safer)
      • Check recipient server if unsure (some only allow plain text, or restrict attachment size)
      • Text limit 5,000 characters (about 1,000 words), which would span around 2 average pages and take around 3 minutes to read; anything more should be in an attachment.
    • All links (inc. external images) via SSL
    • Images/videos/audio:
      • Include ALT tag for all images, specify exact image size, "-nosend-" tags (nosend="1" border="0")
      • Size no larger than 600 px
      • Non-static media: No GIFs, no video, no audio; feel free to link to external media
      • PNG or JPG, no other formats
      • Allow for "dark mode"; don't assume the recipient's background is white in their email client
    • Tables: use HTML tables instead of DIVs
    • HREFs: force clean style (style="text-decoration:none;")
    • CSS: do not use CSS style sheets; style each element with its own inline "style" attribute (if styling is required)
    • Fonts: Only use web-safe fonts
      • Arial, Verdana, Tahoma, Trebuchet MS, Times New Roman, Georgia, Garamond, Courier New, Brush Script MT, Cursive Sans, Helvetica, Oswald
      • Do not use bullets, check-marks or numbering
    • Minify all HTML; ensure "full" HTML (stand-alone document)
    • Plain text version supported, max. 5,000 characters
    • Attachments:
      • ZIP files to increase chance of passing filtering
      • Only attach unzipped if file format can be easily viewed online (PDF, Word, Excel)
      • Generally accepted maximum size of an entire email is 25 MB, inc. attachments
    • Test all email signatures on a variety of mobile devices
      • If sending using a mobile, edit the signature ("Sent from my iPhone" is an automatic negative score!)
    • Give thought to avoiding phrases that recipient mail servers may flag as spam, such as "Flash sale!"
    • Familiarize all senders with local country regulation and legislation about sending emails
      • Do not send repeat unsolicited emails, if indeed any at all...
      • Do not use offensive or inappropriate language, innuendo or slang
  • Additional steps: feel free to contact us to discuss additional steps that your organization can implement to retain and improve your email reputation scores. Other 3rd-party tools which may be of use include:
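
The List-Unsubscribe and CONTENT items in the checklist above can be checked mechanically before a message is sent. The Python linter below is an added example, not part of the original article or of any Microsoft tooling; the function names, the constructed sample addresses and the regex-based HTML heuristics are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Hard limits from the checklist above (its "safer" values are lower).
MAX_SUBJECT, MAX_RECIPIENTS, MAX_TEXT = 255, 300, 5000

def lint_message(raw: bytes, sending_domain: str) -> list:
    """Return the checklist violations found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    problems = []
    if f"@{sending_domain}" not in msg.get("List-Unsubscribe", "").lower():
        problems.append("List-Unsubscribe missing or not on the sending domain")
    if len(msg.get("Subject", "")) > MAX_SUBJECT:
        problems.append("subject over 255 characters")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        problems.append("more than 300 recipients")
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    text = plain.get_content() if plain is not None else ""
    markup = html.get_content() if html is not None else ""
    if plain is None:
        problems.append("no plain text version")
    elif len(text) > MAX_TEXT:
        problems.append("plain text over 5,000 characters")
    # Regex checks are a heuristic (assumption), not a full HTML parse.
    if re.search(r"(?:href|src)\s*=\s*[\"']?http://", markup, re.I):
        problems.append("link or image not served over SSL")
    images = re.findall(r"<img\b[^>]*>", markup, re.I)
    if any(not re.search(r"\balt\s*=", tag, re.I) for tag in images):
        problems.append("image without ALT text")
    if re.search(r"<style\b|<link\b[^>]*stylesheet", markup, re.I):
        problems.append("CSS block or stylesheet instead of inline style")
    if "sent from my iphone" in (text + markup).lower():
        problems.append("default mobile signature")
    return problems

def build_sample(unsubscribe: bool, html: str, signature: str) -> bytes:
    """Constructed sample message; addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "sales@my-domain-name.com"
    m["To"] = "customer@example.org"
    m["Subject"] = "Your quote"
    if unsubscribe:
        m["List-Unsubscribe"] = "<mailto:unsubscribe@my-domain-name.com?subject=unsubscribe>"
    m.set_content("Quote attached.\n" + signature)
    m.add_alternative(html, subtype="html")
    return m.as_bytes()
```

Run `lint_message` over a message saved as .eml (read in binary mode) from the Sent Items of a test mailbox; an empty list means none of the checked items were violated.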



