How Microsoft’s new aggregate DMARC reports enhance visibility of your sending sources

As of March 2023, Microsoft 365 has started sending aggregate DMARC reports from domains that use Microsoft-hosted MX records. This long-awaited release fixes a blindspot with inbound mail to an M365 tenant that existed; previously, where Microsoft didn’t report on DMARC results, you would miss crucial insight (and legitimate senders) that could then be blocked from sending emails once p=reject was enabled.

Now, with Microsoft’s aggregate reports, you gain visibility into:

  • Which emails sent from your domain to your M365 tenant are currently passing or failing DMARC
  • Who the senders and receivers of emails from your domain are
  • Where in the world emails are being sent from using your domain

With this insight, you gain a deeper understanding of your sending sources and their email configuration, enabling you to pinpoint and solve issues within your organization quickly before progressing to a policy of full DMARC enforcement (p=reject).

What new fields has Microsoft introduced in their reports?

Microsoft has added three new insights to the DMARC XML reports:

  • Envelope To – allowing you to track the receiving domain
  • Envelope From – allowing you to track sending domain used in the return-path
  • SPF scope – allowing you to determine if Microsoft based their SPF result on the MailFrom or the HELO command

These fields provide additional information about an organization’s email traffic so that they can better understand where shadow IT or email forwarding is occurring. This data was previously only available with OnDMARC’s unique enhanced forensic data feeds.

How is OnDMARC surfacing these new fields and why is it useful?

Thanks to quick work by our Engineering team, OnDMARC is one of the first DMARC vendors to have processed and surfaced Microsoft’s new fields in its dashboards, ensuring that our users have this new detailed data about their email domains at their fingertips. 

Domain owners need a solution like OnDMARC to process and analyze DMARC aggregate reports as Microsoft (and other reporting providers) only provide raw XMLs.

Extract of a raw XML DMARC file

OnDMARC ingests the raw XML reports and contextualizes the relevant and granular information about your sending sources in an intuitive dashboard. This visibility provides you with additional insights into your email setup so that you can make informed and more accurate configuration decisions in less time, thus decreasing the time needed to complete a DMARC implementation project.

New Microsoft DMARC fields surfaced in OnDMARC’s dashboards

How OnDMARC adds proactive defense to Microsoft 365

By using the OnDMARC platform, Microsoft 365 customers can enhance their email setup and protect against a wide range of outbound and inbound email-based threats. With our solution, customers have full visibility of their sending sources, both inbound and outbound, and can expect to reach DMARC enforcement and block malicious spoofing emails from getting to their employees, customers, and partners in as little as 4-8 weeks.

OnDMARC seamlessly plugs into the Microsoft environment and works in harmony with Microsoft Defender for Office 365 to provide a robust layered defense against advanced email threats. The Microsoft Intelligent Security Association (MISA) recognizes and lists OnDMARC as an approved integration and preferred solution in the Azure Marketplace, acknowledging it as fully complementary to Microsoft’s own email security solutions.

“At Microsoft, we look to build enduring, ongoing relationships with partners like Red Sift protecting e-mail and other hybrid work essentials. With increasingly sophisticated cyber criminals targeting email communications, the Red Sift platform helps Microsoft 365 customers to enhance the security of their systems.”

Parri Munsell, Senior Director, Microsoft Security Marketing

Ready to secure your organization’s email inboxes against phishing?


Francesca Rünger-Field

21 Apr. 2023



Recent Posts


Red Sift Recognized on Deloitte’s EMEA Fast 500™ List

Francesca Rünger-Field

We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…

Read more
Brand Protection

The vital role of cybersecurity for Nonprofits: A deep dive 

Sean Costigan

Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…

Read more

Red Sift brings DMARC data to the SOC with new Cisco XDR…

Rebecca Warren

Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…

Read more

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more