How Microsoft’s new aggregate DMARC reports enhance visibility of your sending sources

As of March 2023, Microsoft 365 has started sending aggregate DMARC reports from domains that use Microsoft-hosted MX records. This long-awaited release fixes a blindspot with inbound mail to an M365 tenant that existed; previously, where Microsoft didn’t report on DMARC results, you would miss crucial insight (and legitimate senders) that could then be blocked from sending emails once p=reject was enabled.

Now, with Microsoft’s aggregate reports, you gain visibility into:

  • Which emails sent from your domain to your M365 tenant are currently passing or failing DMARC
  • Who the senders and receivers of emails from your domain are
  • Where in the world emails are being sent from using your domain

With this insight, you gain a deeper understanding of your sending sources and their email configuration, enabling you to pinpoint and solve issues within your organization quickly before progressing to a policy of full DMARC enforcement (p=reject).

What new fields has Microsoft introduced in their reports?

Microsoft has added three new insights to the DMARC XML reports:

  • Envelope To – allowing you to track the receiving domain
  • Envelope From – allowing you to track sending domain used in the return-path
  • SPF scope – allowing you to determine if Microsoft based their SPF result on the MailFrom or the HELO command

These fields provide additional information about an organization’s email traffic so that they can better understand where shadow IT or email forwarding is occurring. This data was previously only available with OnDMARC’s unique enhanced forensic data feeds.

How is OnDMARC surfacing these new fields and why is it useful?

Thanks to quick work by our Engineering team, OnDMARC is one of the first DMARC vendors to have processed and surfaced Microsoft’s new fields in its dashboards, ensuring that our users have this new detailed data about their email domains at their fingertips. 

Domain owners need a solution like OnDMARC to process and analyze DMARC aggregate reports as Microsoft (and other reporting providers) only provide raw XMLs.

Extract of a raw XML DMARC file

OnDMARC ingests the raw XML reports and contextualizes the relevant and granular information about your sending sources in an intuitive dashboard. This visibility provides you with additional insights into your email setup so that you can make informed and more accurate configuration decisions in less time, thus decreasing the time needed to complete a DMARC implementation project.

New Microsoft DMARC fields surfaced in OnDMARC’s dashboards

How OnDMARC adds proactive defense to Microsoft 365

By using the OnDMARC platform, Microsoft 365 customers can enhance their email setup and protect against a wide range of outbound and inbound email-based threats. With our solution, customers have full visibility of their sending sources, both inbound and outbound, and can expect to reach DMARC enforcement and block malicious spoofing emails from getting to their employees, customers, and partners in as little as 4-8 weeks.

OnDMARC seamlessly plugs into the Microsoft environment and works in harmony with Microsoft Defender for Office 365 to provide a robust layered defense against advanced email threats. The Microsoft Intelligent Security Association (MISA) recognizes and lists OnDMARC as an approved integration and preferred solution in the Azure Marketplace, acknowledging it as fully complementary to Microsoft’s own email security solutions.

“At Microsoft, we look to build enduring, ongoing relationships with partners like Red Sift protecting e-mail and other hybrid work essentials. With increasingly sophisticated cyber criminals targeting email communications, the Red Sift platform helps Microsoft 365 customers to enhance the security of their systems.”

Parri Munsell, Senior Director, Microsoft Security Marketing

Ready to secure your organization’s email inboxes against phishing?

PUBLISHED BY

Francesca Rünger-Field

21 Apr. 2023

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more