DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.
William Rinehart commented
Yes, this please.
Trying to implement DMARC for our ticketing system and then eventualy push out to our clients. Hard to do when we don't get any sort of useful reoprting. 99% of our customer base are on 365 email platform. We need DMARC reporting!
I'm baffled as well. As an industry leader and advocate, Microsoft should be sending these reports.
Stefan Schulte commented
Baffled as all the commentators before me that this industry standard is missing at microsoft.
Tarun Arora commented
Being one of the largest ESP, Microsoft should be sending DMARC Reports.
It's very crucial while implementing dmarc.
Has to happen.
MS please sort this out ASAP!
Neil McC commented
Like many posters below, I'm so surprised by Microsoft's position that I'm almost doubting the truth. To publish this sort of guidance https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/use-dmarc-to-validate-email#DMARCbestpractices which states, "As you introduce SPF and DKIM, the reports generated through DMARC will provide the numbers and sources of messages that pass these checks, and those that don't. You can easily see how much of your legitimate traffic is or isn't covered by them, and troubleshoot any problems." seems incredibly hypocritical. Addressing this should be a top priority.
Brian Clark commented
I’d love to get the telemetry from Microsoft on who may be trying to spoof my domain. I was shocked when I learned that Microsoft hasn’t implemented that portion of the standard.
Rob Coote commented
This is abosolutely vital to the progress of DMARC in Enterprise to secure email. How is it possible that one of the leading providers of not only enterprise and business email, but general consumer email via Outlook.com and Hotmail?
Cornelius Roemer commented
Unbelievably... Microsoft. In a lot of things at the forefront of the tech wave, and sometimes ridiculously behind.
Povl H. Pedersen commented
Please connect to the real world. We need reporting.
Especially since O365 does treat reject as quarantine, and allows users to whitelist senders, thus allowing users a complete override. We need to know how big the problem is.
Peter Muney commented
As one of the worlds largest email hosting vendors I think it irresponsible to not be providing dmarc reporting.
In a few day's, we're living in the year 2020. Phishing has never been as big a problem as it is now, and it will continue to grow. Microsoft, please put a number of people on this. We really, really need the visibility to go from p=quarantine to p=reject. We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!
If you want to be a security leader how can you not provide this basic functionality???
I am disappointed that Office 365 isn't participating in sending DMARC reports for tenant domains. Please enable this feature ASAP.
Mark Penney commented
Adding my voice and vote to this. I get clients on Office365 saying that emails from my 3rd party help desk provider are ending up in their Junk folder.. I can see from reports in Dmarcian from all the other providers that everything looks good from an authentication perspective, but I get no report back from Microsoft.. Same goes when I am helping clients who are not on Office365 with their deliverability issues... Google, Yahoo, etc. report back so we can confirm all is well, but Microsoft is a big black hole.
Ezra Morris commented
A couple of comments mention Valimail or the blog post about it. Note this suggestion isn't about monitoring, it's about the sending of the reports. If you have Valimail or another monitoring solution, it only works when it receives reports. If you send to a lot of Gmail etc. addresses, you will get some useful data, but if a lot of recipients are businesses on Office 365, you will get limited reports, since O365 doesn't send them.
As a recently-converted user in the government cloud, I am deeply disappointed to learn that Office 365 is not participating in sending DMARC reports for tenant domains.
Tim Tielens commented
If you have a subscription you can use valimail
It's not the best, but it gives some information.
It would be better if it was integrated in the admin portal.