DMARC Aggregate Reports from O365 Domains
Ability for Office 365 to send DMARC Aggregate reports when set in a monitoring policy to see which aouthorised\unauthorised senders are using my domain suffix... just like other vendors are already doing.
This is work we are planning to do although there is no ETA at this time.
I feel this a major omission on the email handling side. My DMARC monitoring receives the majority of its reports from Google and nothing at all from 365 domains. Since most of my customers are based on 365 this means I have no DMARC data showing if my customers might be impacted by abuse of my domain. I am confident the 365 filtering will respect my DMARC policy, but I'd love to have the data as evidence that is actually happening.
Chris Lewis commented
We had a major spoofing campaign on our domain - thousands of spam emails sent from our domain. I couldn't set the DMARC policy to quarantine because I have NO visibility into our "good" emails to know that things are configured correctly. I didn't want to risk quarantining our good emails too. Not getting DMARC aggregate reports renders DMARC practically useless for O365 domains.
Davide Pagnin commented
In 2020 it seems incredible that MS has not yet re-enabled DMARC reporting from 2017, when they stopped reporting them. Please Re-Enable reporting. Do the right thing for mail security of everybody. Please.
Omg MS just get it done!
Chris Evans commented
A renewed sense of urgency needs to be applied to this.
With such a massive market share, not getting DMARC reporting from Office 365 undermines the legitimacy of every single DMARC Aggregator and reporting tool available.
This needs to be done, yesterday
In a few months, we're living in the year 2021. Pandemic going on. Loads of people working from home, and Phishing has never been as big a problem as it is now, and it will continue to grow.
Microsoft, please put a number of people on this. We really, really, really, really need the visibility to go from p=quarantine to p=reject.
We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!
Please implement this ASAP, we are completely in the dark with regards to DMARC on Microsoft addresses! Currently getting lots of spoofing on our domains and even with reject=100 the emails are still getting through...need to see what's happening.
Ranjit Kumar commented
please implement DMARC for O365 mails. This is really consuming more effort to tackle daily spam mails.
you really need to hurry up, yesterday I got scam email. he's blackmailed me to transfer some bitcoin. He claimed already hack my computer (I know this is bullshit) but 3 years I was using gsuite I never got any scam email like this. I only receive email from my client and organization. everything change after I start using office365.
We are currently in IL2 and ready to move to IL5, hoping that this DMARC feature will be available ASAP. WE needs the ability to analyze the RUA and RUF reports in friendly format. Please make it happen and provide ETA for all of us within the GCC.
As DMARC gains popularity 365 is becoming a a blackhole with respect to DMARC and this reflects badly on 365 customers. This does need to be addressed by Microsoft if the industry is tackle email misuse.
all Microsoft email domains, need SPF, DKIM, DMARC. MTA-STS, TLS-RPT, DANE
From what I have heard, this worked until the migration of Hotmail into ExO
Jon Hilmar Edvardsen commented
As you are (finally) implementing the IETF rfc7489 standard please respect it fully, so that you start treating Policy=Reject as Reject, and not as Personal User Quarantine, as is your current implementation.
https://tools.ietf.org/html/rfc7489 is an open protocol. Sending reports to your own mailboxes only, breaks the protocol for all others. That, in my humble opinion, is theft!
Brian Geng commented
I would like to add my voice to request Microsoft add DMARC reporting to their platform. It's shocking to me that they don't already have this in place.
Andrew W commented
Microsoft would you hurry up? Email fraud has never been bigger and you are missing in action here at an otherwise very useful standard to help people and organisations protect their identities.
@Sean S: Is there any update to be given? A hint for a planned ETA possibly?
Wijbren de Vries / www.mailreport.eu commented
Hope this is not for Microsoft 365 alone but also for the Outlook.com platform.
Both stopped reporting at the same time in the past.
This is what i wrote a four months ago:
In a few day's, we're living in the year 2020. Phishing has never been as big a problem as it is now, and it will continue to grow. Microsoft, please put a number of people on this. We really, really need the visibility to go from p=quarantine to p=reject. We cannot do that without reporting from Office 365. Please do your part. Enable DMARC reporting!