DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

69 comments
-
Anonymous commented
I am disappointed that Office 365 isn't participating in sending DMARC reports for tenant domains. Please enable this feature ASAP.
Thanks -
Mark Penney commented
Adding my voice and vote to this. I get clients on Office365 saying that emails from my 3rd party help desk provider are ending up in their Junk folder.. I can see from reports in Dmarcian from all the other providers that everything looks good from an authentication perspective, but I get no report back from Microsoft.. Same goes when I am helping clients who are not on Office365 with their deliverability issues... Google, Yahoo, etc. report back so we can confirm all is well, but Microsoft is a big black hole.
-
Ezra Morris commented
A couple of comments mention Valimail or the blog post about it. Note this suggestion isn't about monitoring, it's about the sending of the reports. If you have Valimail or another monitoring solution, it only works when it receives reports. If you send to a lot of Gmail etc. addresses, you will get some useful data, but if a lot of recipients are businesses on Office 365, you will get limited reports, since O365 doesn't send them.
-
Anonymous commented
As a recently-converted user in the government cloud, I am deeply disappointed to learn that Office 365 is not participating in sending DMARC reports for tenant domains.
-
Tim Tielens commented
If you have a subscription you can use valimail
https://www.valimail.com/It's not the best, but it gives some information.
It would be better if it was integrated in the admin portal.
-
Andrew commented
Why hasn’t this been done yet? Woul be good for Microsoft to share why and what they intend to do.
-
Michael Yusko commented
They want to reduce SPAM, then give us the resources to do it!!!
-
Vincent Andre commented
If you are supporting the fight against SPAM and email spoofing, you HAVE TO add that.
-
Anonymous commented
Has to happen.
-
Bob commented
Should at least post a valid reason why reports are not implemented.
-
Niels C Nielsen commented
Why is this still not working? Do other mail providers really have that much better programmers/admins/managers than you?
-
Anonymous commented
Add it please
-
Jim Huffman commented
Can we please have DMARC reporting from O365? This is a joke that such a massive provider has not implemented a standard when they make full use of DMARC elsewhere.
-
Anonymous commented
https://www.microsoft.com/security/blog/2019/06/03/secure-cloud-free-dmarc-monitoring-office-365/ Apparently Microsoft has teamed up with a 3rd party to provide this
-
Egan commented
This really needs to be put in place already. It's creating a huge black hole in our DMARC reporting and making it very difficult for us to safely increase policy strength.
-
Anonymous commented
Why hasn’t this been completed!
-
Mark commented
Nearly 4 years on and this is still here. FFS, it's embarrassing.
-
Andrew Uys commented
The DMARC Aggregate reports should be sent regardless of policy flag so long as the RUF is set. (i.e. not only for monitoring policy). at least that's my understand after reading the RFC.
Please Microsoft, a good deal of our mails go to O365 domains, having this feedback compiled into our reporting solution is vital, and Microsoft can make a big difference to our strategic deployments. -
Stephen Mitchell commented
Sustainable security solutions are all about insight. DMARC provides insight on how email domains are being abused. Without the telemetry that Microsoft can provide, Microsoft's own customers lose insight on how they are being attacked.
We applaud Microsoft's advancements in Advanced Threat Protection. However, we're looking for some Foundational Threat Protection here. CSC #7 adjacent, really. See section 4.6.5 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177r1.pdf. Trustworthy email is something that benefits all. We all have a responsibility to participate. -
Anonymous commented
It's hard to take Microsoft's stance as a security company seriously when they don't provide this basic functionality.