Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

DMARC Aggregate Reports from O365 Domains

Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

2,661 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jade shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

84 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Mark commented  ·   ·  Flag as inappropriate

    Trying to implement DMARC for our ticketing system and then eventualy push out to our clients. Hard to do when we don't get any sort of useful reoprting. 99% of our customer base are on 365 email platform. We need DMARC reporting!

  • Anonymous commented  ·   ·  Flag as inappropriate

    I'm baffled as well. As an industry leader and advocate, Microsoft should be sending these reports.

  • Tarun Arora commented  ·   ·  Flag as inappropriate

    Being one of the largest ESP, Microsoft should be sending DMARC Reports.
    It's very crucial while implementing dmarc.

  • Neil McC commented  ·   ·  Flag as inappropriate

    Like many posters below, I'm so surprised by Microsoft's position that I'm almost doubting the truth. To publish this sort of guidance https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#DMARCbestpractices which states, "As you introduce SPF and DKIM, the reports generated through DMARC will provide the numbers and sources of messages that pass these checks, and those that don't. You can easily see how much of your legitimate traffic is or isn't covered by them, and troubleshoot any problems." seems incredibly hypocritical. Addressing this should be a top priority.

  • Brian Clark commented  ·   ·  Flag as inappropriate

    I’d love to get the telemetry from Microsoft on who may be trying to spoof my domain. I was shocked when I learned that Microsoft hasn’t implemented that portion of the standard.

  • Rob Coote commented  ·   ·  Flag as inappropriate

    This is abosolutely vital to the progress of DMARC in Enterprise to secure email. How is it possible that one of the leading providers of not only enterprise and business email, but general consumer email via Outlook.com and Hotmail?

  • Cornelius Roemer commented  ·   ·  Flag as inappropriate

    Unbelievably... Microsoft. In a lot of things at the forefront of the tech wave, and sometimes ridiculously behind.

  • Povl H. Pedersen commented  ·   ·  Flag as inappropriate

    Please connect to the real world. We need reporting.
    Especially since O365 does treat reject as quarantine, and allows users to whitelist senders, thus allowing users a complete override. We need to know how big the problem is.

  • Peter Muney commented  ·   ·  Flag as inappropriate

    As one of the worlds largest email hosting vendors I think it irresponsible to not be providing dmarc reporting.

  • Anonymous commented  ·   ·  Flag as inappropriate

    In a few day's, we're living in the year 2020. Phishing has never been as big a problem as it is now, and it will continue to grow. Microsoft, please put a number of people on this. We really, really need the visibility to go from p=quarantine to p=reject. We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!

  • Steve commented  ·   ·  Flag as inappropriate

    If you want to be a security leader how can you not provide this basic functionality???

  • Anonymous commented  ·   ·  Flag as inappropriate

    I am disappointed that Office 365 isn't participating in sending DMARC reports for tenant domains. Please enable this feature ASAP.
    Thanks

  • Mark Penney commented  ·   ·  Flag as inappropriate

    Adding my voice and vote to this. I get clients on Office365 saying that emails from my 3rd party help desk provider are ending up in their Junk folder.. I can see from reports in Dmarcian from all the other providers that everything looks good from an authentication perspective, but I get no report back from Microsoft.. Same goes when I am helping clients who are not on Office365 with their deliverability issues... Google, Yahoo, etc. report back so we can confirm all is well, but Microsoft is a big black hole.

  • Ezra Morris commented  ·   ·  Flag as inappropriate

    A couple of comments mention Valimail or the blog post about it. Note this suggestion isn't about monitoring, it's about the sending of the reports. If you have Valimail or another monitoring solution, it only works when it receives reports. If you send to a lot of Gmail etc. addresses, you will get some useful data, but if a lot of recipients are businesses on Office 365, you will get limited reports, since O365 doesn't send them.

  • Anonymous commented  ·   ·  Flag as inappropriate

    As a recently-converted user in the government cloud, I am deeply disappointed to learn that Office 365 is not participating in sending DMARC reports for tenant domains.

← Previous 1 3 4 5

Office 365 Security & Compliance: Spam & Phishing

Categories

Feedback and Knowledge Base

(thinking…)

Related Sites