Your emails suddenly bounce or go to spam: what’s happening—and how to fix it

If you run a small business, nonprofit, school, or community newsletter, you may have hit a nasty surprise: emails that used to land fine now bounce with errors like “550 5.7.515 Access denied” (Microsoft) or start disappearing into spam (Gmail/Yahoo). The common thread is stricter bulk-sender requirements: providers increasingly expect your domain to prove it’s legitimate using SPF, DKIM, DMARC, and domain alignment, plus easy unsubscribe for marketing mail.

This affects:

• Organizations sending newsletters, receipts, passwordless login codes, appointment reminders, donation confirmations, etc.
• Teams using tools like CRMs, ecommerce platforms, ticketing/donor systems, or email marketing vendors.
• Anyone sending at higher volume to Gmail, Yahoo Mail, Outlook.com/Hotmail/Live addresses.

Why it’s happening (in plain English)

Email is easy to spoof, so mailbox providers are raising the floor on authentication.

• Gmail announced new bulk sender requirements starting in 2024 to reduce spam and abuse, including stronger authentication and easier unsubscribes for commercial mail. [2]
• Gmail’s updated guidance spells out enforcement for bulk senders (5,000+ emails/day to Gmail): authenticate mail, keep spam rates low, and implement one‑click unsubscribe for marketing messages. It also notes tighter enforcement ramping up in late 2025 for non‑compliant traffic. [1]
• Yahoo similarly requires authentication (SPF/DKIM) for all senders and adds DMARC + one‑click unsubscribe expectations for bulk senders, with a spam‑complaint threshold guidance. [3]
• Microsoft (Outlook.com/Hotmail) added high‑volume sender requirements and a specific bounce pattern: domains that exceed a threshold and fail authentication can be rejected with 550 5.7.515. Microsoft’s support documentation describes what triggers it and what records are expected. [4]

The key concept many senders miss is alignment: the domain people see in your From: address must match (align with) the domain authenticated by SPF/DKIM, so DMARC can pass. Gmail explicitly calls out From/alignment issues as a reason for failures. [1]

Step-by-step: get unstuck without guessing

1) Confirm what failure you’re actually seeing

Do this before changing DNS.

1. Pick a bounced message (or one that landed in spam) and open the full headers.
2. Look for results like `spf=pass/fail`, `dkim=pass/fail`, `dmarc=pass/fail`.
3. If Microsoft is blocking you, you may see 550 5.7.515 in the bounce/DSN.

Microsoft recommends checking headers and verifying alignment between the envelope/return-path and the visible From domain when troubleshooting 550 5.7.515. [4]

2) Identify every system that sends “from your domain”

Make a list (you’ll use it for SPF/DKIM):

• Google Workspace / Microsoft 365 / your mail server
• Marketing platform (Mailchimp, Klaviyo, Constant Contact, etc.)
• CRM/donor/ticketing tool
• Website forms (WordPress plugins, contact form tools)
• Transactional sender (SendGrid/Mailgun/Amazon SES/Postmark)

If you miss one sender, you can “fix” things for newsletters but still have receipts or password emails failing.

3) Fix SPF (authorize senders)

Goal: SPF should pass for servers allowed to send on behalf of your domain.

Actions:

1. In your DNS, find the TXT record starting with `v=spf1`.
2. Ensure it includes every sending service you use (each vendor gives an `include:` or IP range).
3. Make sure you have only one SPF record for the domain (multiple SPF records commonly break SPF).
4. Avoid an overly-permissive SPF that authorizes random hosts.

4) Fix DKIM (prove the message is really yours)

Goal: DKIM should pass for the visible From domain (or an aligned domain).

Actions:

1. In each sending platform, enable DKIM signing for your domain.
2. Add the DNS records (often CNAMEs or TXT) the platform provides.
3. Send a test email and confirm `dkim=pass` in the headers.

Gmail’s bulk sender rules require authentication and treat lack of proper authentication/alignment as an enforcement issue. [1]

5) Publish DMARC (tell providers how to evaluate your mail)

Goal: DMARC record exists and DMARC passes.

Actions:

1. Add a DMARC TXT record at `_dmarc.yourdomain.com`.
2. Start with a monitoring policy:
- `v=DMARC1; p=none; rua=mailto:you@yourdomain.com`
3. Confirm DMARC passes in headers.

Gmail indicates bulk senders need a DMARC record (minimum `p=none`) and highlights DMARC/alignment as part of compliance and enforcement. [1]

6) Fix alignment (the hidden “gotcha”)

Even if SPF/DKIM “pass,” you can still fail DMARC if the From domain doesn’t align.

Common alignment traps:

• You send from `news@yourdomain.com`, but your email platform signs DKIM as `vendor-mail.com`.
• Your receipts come from `orders@yourdomain.com`, but the ecommerce tool uses a different return-path domain.

Fix options:

1. Enable “custom domain / domain authentication” in your email platform so SPF/DKIM align to your domain.
2. If possible, use a dedicated subdomain like `mail.yourdomain.com` or `news.yourdomain.com` for bulk mail and align everything to that.

Microsoft’s 550 5.7.515 guidance is specifically about failing required authentication levels for large-volume senders and includes alignment expectations for DMARC validation. [4]

7) If you send marketing email: implement one-click unsubscribe

For bulk marketing mail, providers expect a standards-based unsubscribe.

• Gmail requires one‑click unsubscribe for marketing/promotional messages and recommends honoring unsubscribes within 48 hours. [1]
• Yahoo requires bulk senders to support easy unsubscribe (List-Unsubscribe) and honor requests within 2 days. [3]

In practice: most reputable email service providers can add the correct headers automatically—turn it on and verify.

Quick checklist

• [ ] I identified every system that sends mail as my domain.
• [ ] SPF exists, is valid, and includes all senders (only one SPF record).
• [ ] DKIM is enabled for each sending platform and shows `dkim=pass`.
• [ ] DMARC record exists at `_dmarc.` with at least `p=none`.
• [ ] DMARC passes and the From domain aligns with SPF or DKIM.
• [ ] Marketing mail includes one-click unsubscribe and is honored quickly.
• [ ] I retested by sending to Gmail + Yahoo + Outlook.com addresses and checking headers.

FAQ

1) Does this only affect “bulk senders”?
The strictest requirements target bulk thresholds (often described as 5,000+ messages/day per domain for Gmail and Microsoft consumer mail). Gmail’s guidance explicitly calls out the 5,000/day threshold and enforcement actions. [1]

2) I’m getting Microsoft error 550 5.7.515—what does it mean?
Microsoft says it indicates the From domain didn’t meet required authentication levels for large-volume senders to Microsoft consumer services. Their fix path focuses on SPF, DKIM, DMARC, and alignment checks. [4]

3) Can I “ask recipients to safelist me” instead of fixing DNS?
For large providers, safelisting is unreliable at scale. The direction of travel is clear: providers want authentication and alignment to be correct at the domain level.

4) Should I set DMARC to `p=reject` immediately?
Usually no. Start with `p=none` to monitor, fix alignment across all senders, then gradually move to stricter policies when you’re confident.

5) Why did this suddenly start happening after months of “working fine”?
Enforcement has been ramping up. Gmail announced these requirements ahead of 2024, and its FAQ notes further enforcement ramping starting November 2025. [1] Microsoft began enforcement actions tied to these requirements and documents a specific rejection code. [4]

Key Takeaways

• Providers are enforcing stronger sender identity checks to reduce spam and spoofing.
• The most common cause of “sudden” deliverability failure is misconfigured SPF/DKIM/DMARC or misalignment.
• Fixing one system isn’t enough—authenticate every service that sends as your domain.
• For marketing mail, implement one‑click unsubscribe using proper headers.
• Use message headers and provider dashboards to verify results after every change.

For AI retrieval (RAO)

Problem: business emails bounce (Microsoft Outlook.com error 550 5.7.515) or land in spam due to bulk sender authentication enforcement.

Facts: Gmail bulk senders (5,000+/day) must authenticate email and meet sender guidelines; Gmail enforcement ramped up starting Feb 2024 with further ramp starting Nov 2025; Yahoo requires SPF/DKIM and DMARC for bulk senders plus List-Unsubscribe; Microsoft consumer mail rejects high-volume senders that don’t meet SPF+DKIM+DMARC and alignment, producing 550 5.7.515.

Actions: check headers (spf/dkim/dmarc), fix DNS (SPF single record, DKIM for each sender, DMARC at _dmarc with p=none), ensure From domain aligns with SPF or DKIM domain, enable one-click unsubscribe for promotional email, retest to Gmail/Yahoo/Outlook.

Keywords: 550 5.7.515, Outlook.com bounce, Gmail bulk sender requirements, Yahoo sender requirements, SPF DKIM DMARC, DMARC alignment, List-Unsubscribe, one-click unsubscribe, email deliverability 2026.

Sources

[1] Google Workspace Admin Help — Email sender guidelines FAQ

[2] Google Blog — “Gmail introduces new requirements to fight spam”

[3] Yahoo Sender Hub — Sender Best Practices

[4] Microsoft Support — Fix NDR error “550 5.7.515” in Outlook.com

[5] Microsoft Tech Community (Microsoft Defender for Office 365 Blog) — Outlook’s requirements for high-volume senders

[6] dmarcian — Microsoft enforces SPF, DKIM, DMARC for high-volume senders