DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.

This is work we are planning to do although there is no ETA at this time.
112 comments
-
Anonymous commented
Sending emails from MS 365 going as spam to google accounts
-
Jeremy Bradshaw commented
@sean s / can you please tell us if this has now been implemented? As I have posted here - https://techcommunity.microsoft.com/t5/exchange/as-of-february-2021-does-eop-microsoft-now-send-dmarc-aggregate/m-p/2115450 - I believe I've spotted evidence that Microsoft/EOP now does send aggregate reports.
-
anonym commented
as one of the world's "leader of IT security" it is a shame than MS as one of the biggest mail service providers worldwide does not comply with this crucial functionality. Phishing attempts get better every minute, get this done asap pls
-
Anonymous commented
MS please implement this! As one of the biggest mailproviders in the world it is very important to get feedback about sent mail according to widely implemented standards.
-
David commented
I feel this a major omission on the email handling side. My DMARC monitoring receives the majority of its reports from Google and nothing at all from 365 domains. Since most of my customers are based on 365 this means I have no DMARC data showing if my customers might be impacted by abuse of my domain. I am confident the 365 filtering will respect my DMARC policy, but I'd love to have the data as evidence that is actually happening.
-
Chris Lewis commented
We had a major spoofing campaign on our domain - thousands of spam emails sent from our domain. I couldn't set the DMARC policy to quarantine because I have NO visibility into our "good" emails to know that things are configured correctly. I didn't want to risk quarantining our good emails too. Not getting DMARC aggregate reports renders DMARC practically useless for O365 domains.
-
Davide Pagnin commented
In 2020 it seems incredible that MS has not yet re-enabled DMARC reporting from 2017, when they stopped reporting them. Please Re-Enable reporting. Do the right thing for mail security of everybody. Please.
-
V.A. commented
Omg MS just get it done!
-
Chris Evans commented
A renewed sense of urgency needs to be applied to this.
With such a massive market share, not getting DMARC reporting from Office 365 undermines the legitimacy of every single DMARC Aggregator and reporting tool available.
This needs to be done, yesterday -
Ronald commented
In a few months, we're living in the year 2021. Pandemic going on. Loads of people working from home, and Phishing has never been as big a problem as it is now, and it will continue to grow.
Microsoft, please put a number of people on this. We really, really, really, really need the visibility to go from p=quarantine to p=reject.
We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!
-
Anonymous commented
Please implement this ASAP, we are completely in the dark with regards to DMARC on Microsoft addresses! Currently getting lots of spoofing on our domains and even with reject=100 the emails are still getting through...need to see what's happening.
-
Ranjit Kumar commented
please implement DMARC for O365 mails. This is really consuming more effort to tackle daily spam mails.
-
Qub commented
you really need to hurry up, yesterday I got scam email. he's blackmailed me to transfer some bitcoin. He claimed already hack my computer (I know this is bullshit) but 3 years I was using gsuite I never got any scam email like this. I only receive email from my client and organization. everything change after I start using office365.
-
Brandon commented
We are currently in IL2 and ready to move to IL5, hoping that this DMARC feature will be available ASAP. WE needs the ability to analyze the RUA and RUF reports in friendly format. Please make it happen and provide ETA for all of us within the GCC.
-
Anonymous commented
As DMARC gains popularity 365 is becoming a a blackhole with respect to DMARC and this reflects badly on 365 customers. This does need to be addressed by Microsoft if the industry is tackle email misuse.
-
fbifido commented
all Microsoft email domains, need SPF, DKIM, DMARC. MTA-STS, TLS-RPT, DANE
-
TimA commented
From what I have heard, this worked until the migration of Hotmail into ExO
-
Jon Hilmar Edvardsen commented
As you are (finally) implementing the IETF rfc7489 standard please respect it fully, so that you start treating Policy=Reject as Reject, and not as Personal User Quarantine, as is your current implementation.
-
Seb commented
https://tools.ietf.org/html/rfc7489 is an open protocol. Sending reports to your own mailboxes only, breaks the protocol for all others. That, in my humble opinion, is theft!
-
Brian Geng commented
I would like to add my voice to request Microsoft add DMARC reporting to their platform. It's shocking to me that they don't already have this in place.