Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

← Office 365 Security & Compliance

DMARC Aggregate Reports from O365 Domains

Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

2,039 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jade shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

69 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    I am disappointed that Office 365 isn't participating in sending DMARC reports for tenant domains. Please enable this feature ASAP.
    Thanks

  • Mark Penney commented  ·   ·  Flag as inappropriate

    Adding my voice and vote to this. I get clients on Office365 saying that emails from my 3rd party help desk provider are ending up in their Junk folder.. I can see from reports in Dmarcian from all the other providers that everything looks good from an authentication perspective, but I get no report back from Microsoft.. Same goes when I am helping clients who are not on Office365 with their deliverability issues... Google, Yahoo, etc. report back so we can confirm all is well, but Microsoft is a big black hole.

  • Ezra Morris commented  ·   ·  Flag as inappropriate

    A couple of comments mention Valimail or the blog post about it. Note this suggestion isn't about monitoring, it's about the sending of the reports. If you have Valimail or another monitoring solution, it only works when it receives reports. If you send to a lot of Gmail etc. addresses, you will get some useful data, but if a lot of recipients are businesses on Office 365, you will get limited reports, since O365 doesn't send them.

  • Anonymous commented  ·   ·  Flag as inappropriate

    As a recently-converted user in the government cloud, I am deeply disappointed to learn that Office 365 is not participating in sending DMARC reports for tenant domains.

  • Andrew commented  ·   ·  Flag as inappropriate

    Why hasn’t this been done yet? Woul be good for Microsoft to share why and what they intend to do.

  • Bob commented  ·   ·  Flag as inappropriate

    Should at least post a valid reason why reports are not implemented.

  • Niels C Nielsen commented  ·   ·  Flag as inappropriate

    Why is this still not working? Do other mail providers really have that much better programmers/admins/managers than you?

  • Jim Huffman commented  ·   ·  Flag as inappropriate

    Can we please have DMARC reporting from O365? This is a joke that such a massive provider has not implemented a standard when they make full use of DMARC elsewhere.

  • Egan commented  ·   ·  Flag as inappropriate

    This really needs to be put in place already. It's creating a huge black hole in our DMARC reporting and making it very difficult for us to safely increase policy strength.

  • Mark commented  ·   ·  Flag as inappropriate

    Nearly 4 years on and this is still here. FFS, it's embarrassing.

  • Andrew Uys commented  ·   ·  Flag as inappropriate

    The DMARC Aggregate reports should be sent regardless of policy flag so long as the RUF is set. (i.e. not only for monitoring policy). at least that's my understand after reading the RFC.
    Please Microsoft, a good deal of our mails go to O365 domains, having this feedback compiled into our reporting solution is vital, and Microsoft can make a big difference to our strategic deployments.

  • Stephen Mitchell commented  ·   ·  Flag as inappropriate

    Sustainable security solutions are all about insight. DMARC provides insight on how email domains are being abused. Without the telemetry that Microsoft can provide, Microsoft's own customers lose insight on how they are being attacked.
    We applaud Microsoft's advancements in Advanced Threat Protection. However, we're looking for some Foundational Threat Protection here. CSC #7 adjacent, really. See section 4.6.5 in https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-177r1.pdf. Trustworthy email is something that benefits all. We all have a responsibility to participate.

  • Anonymous commented  ·   ·  Flag as inappropriate

    It's hard to take Microsoft's stance as a security company seriously when they don't provide this basic functionality.

← Previous 1 3 4

Office 365 Security & Compliance: Spam & Phishing

Categories

Feedback and Knowledge Base

(thinking…)

Related Sites