Domain-based Message Authentication, Reporting & Conformance (DMARC) is a standard that helps prevent spoofing by verifying the sender’s identity. If an email fails DMARC validation, it often means t...
Updated Jul 26, 2023
Version 3.0
Blog Post
3 MIN READ
Announcing New DMARC Policy Handling Defaults for Enhanced Email Security
Can you elaborate if/when the action defined in this new DMARC handling feature can be overridden by allow listing?
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide
Returning with an update for this unanswered question, finally got the feature rolled out on a dev tenant and had time to test how HonorDMARC behaves when colliding with user&admin allows.
Admins can override HonorDMARC enforcement via:
- ETR to set SCL: -1 (Bypass Spam Filtering)
- TABL Spoof Allow
Disappointingly, End Users can also override HonorDMARC enforcement via MailboxJunkEmailConfiguration Trusted Senders (aka Outlook Safe Senders).
Fingers crossed someone gets back to me on this bit about End User override isn't true/expected, if not, that means I'd rather just create ETRs and enforce Reject/Quarantine based on Authentication-Results header value than use this feature.