Forum Discussion

JeremyTBradshaw's avatar
JeremyTBradshaw
Iron Contributor
Feb 05, 2021
Solved

As of February 2021, does EOP/Microsoft now send DMARC aggregate reports?

I believe I have spotted evidence that the answer is yes.  If you look at this answers.microsoft.com thread the answer states:   TL;DR Office 365 currently does not send out any DMARC reports. If ...
dmarc
EOP
exchange online
Arindam_Thokder's avatar
Arindam_Thokder
Icon for Microsoft rankMicrosoft
Sep 16, 2021

Thanks all for the details and we have fixed the issue and it is rolling out.

freddieleeman's avatar
freddieleeman
Brass Contributor
Sep 28, 2021

Arindam_ThokderYou have only solved part of the problem. As of this week, the report attachment has been split into multiple lines, but unfortunately you didn't do this for the headers and body, so the entire message is still not RFC compliant.

 

 

And why do you (UTF8 BASE64) encode the subject and body, even when they do not contain special characters? I process DMARC aggregate reports from more than 3,000 organizations, and all of them (with the exception of Seznam) just use plain text, which makes processing them a lot easier.

  • Arindam_Thokder's avatar
    Arindam_Thokder
    Icon for Microsoft rankMicrosoft
    Oct 27, 2021
    freddieleeman - we have fixed the base 64 encoding issue by splitting the encoding line of test/html into lines of 78 characters. Could you please have a look.
    • fleeman's avatar
      fleeman
      Copper Contributor
      Nov 08, 2022

      Arindam_ThokderI found the issue that is causing the Microsoft DMARC reports to fail RFC compliance about 1% of the time (https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/). Sometimes the reports have empty elements for domain and selector DKIM auth results.

       

       

      RFC7489:

       

         <xs:complexType name="DKIMAuthResultType">
     <xs:all>
       <!-- The "d=" parameter in the signature. -->
       <xs:element name="domain" type="xs:string"
                   minOccurs="1"/>
       <!-- The "s=" parameter in the signature. -->
       <xs:element name="selector" type="xs:string"
                   minOccurs="0"/>
       <!-- The DKIM verification result. -->
       <xs:element name="result" type="DKIMResultType"
                   minOccurs="1"/>
       <!-- Any extra information (e.g., from
            Authentication-Results). -->
       <xs:element name="human_result" type="xs:string"
                   minOccurs="0"/>
     </xs:all>
   </xs:complexType>

       

       

    • freddieleeman's avatar
      freddieleeman
      Brass Contributor
      Oct 28, 2021
      We are processing new reports from Outlook right now (06:20 CET), and the issue has not been resolved.
    • freddieleeman's avatar
      freddieleeman
      Brass Contributor
      Oct 27, 2021
      The last DMARC aggregate report we've processed was from today (Oct 27) at 11:55 CET, and it still had a base64 encoded text/html part that was not divided into lines of 78 characters. So why would you even base64 this part and the subject anyway?

Resources