DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.
Jade
shared this idea
76 comments
-
Brian Clark
commented
I’d love to get the telemetry from Microsoft on who may be trying to spoof my domain. I was shocked when I learned that Microsoft hasn’t implemented that portion of the standard.
-
Rob Coote
commented
This is abosolutely vital to the progress of DMARC in Enterprise to secure email. How is it possible that one of the leading providers of not only enterprise and business email, but general consumer email via Outlook.com and Hotmail?
-
Cornelius Roemer
commented
Unbelievably... Microsoft. In a lot of things at the forefront of the tech wave, and sometimes ridiculously behind.
-
Povl H. Pedersen
commented
Please connect to the real world. We need reporting.
Especially since O365 does treat reject as quarantine, and allows users to whitelist senders, thus allowing users a complete override. We need to know how big the problem is. -
Peter Muney
commented
As one of the worlds largest email hosting vendors I think it irresponsible to not be providing dmarc reporting.
-
Anonymous
commented
In a few day's, we're living in the year 2020. Phishing has never been as big a problem as it is now, and it will continue to grow. Microsoft, please put a number of people on this. We really, really need the visibility to go from p=quarantine to p=reject. We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!
-
Steve
commented
If you want to be a security leader how can you not provide this basic functionality???
-
Anonymous
commented
I am disappointed that Office 365 isn't participating in sending DMARC reports for tenant domains. Please enable this feature ASAP.
Thanks -
Mark Penney
commented
Adding my voice and vote to this. I get clients on Office365 saying that emails from my 3rd party help desk provider are ending up in their Junk folder.. I can see from reports in Dmarcian from all the other providers that everything looks good from an authentication perspective, but I get no report back from Microsoft.. Same goes when I am helping clients who are not on Office365 with their deliverability issues... Google, Yahoo, etc. report back so we can confirm all is well, but Microsoft is a big black hole.
-
Ezra Morris
commented
A couple of comments mention Valimail or the blog post about it. Note this suggestion isn't about monitoring, it's about the sending of the reports. If you have Valimail or another monitoring solution, it only works when it receives reports. If you send to a lot of Gmail etc. addresses, you will get some useful data, but if a lot of recipients are businesses on Office 365, you will get limited reports, since O365 doesn't send them.
-
Anonymous
commented
As a recently-converted user in the government cloud, I am deeply disappointed to learn that Office 365 is not participating in sending DMARC reports for tenant domains.
-
Tim Tielens
commented
If you have a subscription you can use valimail
https://www.valimail.com/It's not the best, but it gives some information.
It would be better if it was integrated in the admin portal.
-
Andrew
commented
Why hasn’t this been done yet? Woul be good for Microsoft to share why and what they intend to do.
-
Michael Yusko
commented
They want to reduce SPAM, then give us the resources to do it!!!
-
Vincent Andre
commented
If you are supporting the fight against SPAM and email spoofing, you HAVE TO add that.
-
Anonymous
commented
Has to happen.
-
Bob
commented
Should at least post a valid reason why reports are not implemented.
-
Niels C Nielsen
commented
Why is this still not working? Do other mail providers really have that much better programmers/admins/managers than you?
-
Anonymous
commented
Add it please
-
Jim Huffman
commented
Can we please have DMARC reporting from O365? This is a joke that such a massive provider has not implemented a standard when they make full use of DMARC elsewhere.