SOLVED

As of February 2021, does EOP/Microsoft now send DMARC aggregate reports?


I believe I have spotted evidence that the answer is yes. If you look at this answers.microsoft.com thread the answer states:

TL;DR

Office 365 currently does not send out any DMARC reports. If it was sending out Aggregate reports, being behind a Mimecast would still generate reports for emails not filtered by Mimecast (not SPAM or Phishing). They would probably contain a lot of failures, because, for Office 365, the sending server will be Mimecast, which most likely is not added to the SPF of the sending domain. And, depending on what Mimecast is doing with the emails, the DKIM signature, if present at all, may be broken.

@The_Exchange_Team / @Greg Taylor - EXCHANGE are you able to confirm if EOP does in fact now send DMARC aggregate reports? Working with a customer whose MX records point to an on-premises mail gateway, and they're getting reports from affiliates who use DMARC in reporting mode that their mail gateway is trying to send mail for them, unauthenticated'ly. Essentially the exact issue that is alluded to in hypothetical terms in the quoted answer excerpt above.

Thanks in advance.

23 Replies

@Arindam Thokder I found the issue that is causing the Microsoft DMARC reports to fail RFC compliance about 1% of the time (https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/). Sometimes the reports have empty elements for domain and selector DKIM auth results.

RFC 7489:

   <xs:complexType name="DKIMAuthResultType">
     <xs:all>
       <!-- The "d=" parameter in the signature. -->
       <xs:element name="domain" type="xs:string"
                   minOccurs="1"/>
       <!-- The "s=" parameter in the signature. -->
       <xs:element name="selector" type="xs:string"
                   minOccurs="0"/>
       <!-- The DKIM verification result. -->
       <xs:element name="result" type="DKIMResultType"
                   minOccurs="1"/>
       <!-- Any extra information (e.g., from
            Authentication-Results). -->
       <xs:element name="human_result" type="xs:string"
                   minOccurs="0"/>
     </xs:all>
   </xs:complexType>

@fleeman That doesn't address the MIME conformance errors in my followup comment.

No, it doesn't. I'm addressing an issue with the report itself.

@The_Exchange_Team @Arindam Thokder, I've located the source of this issue. The empty elements are added when an email is signed with an ed25519 DKIM signature.
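
For anyone consuming these aggregate reports, here is a check for the defect described in this thread (empty `domain` and `selector` elements under `dkim` auth results). It is an added example, not code from the thread participants or from Microsoft. The report is constructed, the function name `find_dkim_issues` is an assumption of this example, and the allowed result values are the `DKIMResultType` enumeration from RFC 7489 Appendix C.

```python
import xml.etree.ElementTree as ET

# DKIMResultType values from the RFC 7489 Appendix C schema.
DKIM_RESULTS = {"none", "pass", "fail", "policy", "neutral", "temperror", "permerror"}

# Constructed sample aggregate report (not a real Microsoft report).
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback xmlns="http://dmarc.org/dmarc-xml/0.1">
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1</count></row>
    <auth_results>
      <dkim><domain>example.com</domain><selector>s1</selector><result>pass</result></dkim>
      <dkim><domain></domain><selector></selector><result>fail</result></dkim>
    </auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.11</source_ip><count>2</count></row>
    <auth_results><dkim><selector>s2</selector><result>pass</result></dkim></auth_results>
  </record>
</feedback>"""


def find_dkim_issues(report_xml: bytes):
    """Return (source_ip, dkim_index, problem) tuples for suspect <dkim> auth results."""
    # Reports arrive from outside parties: refuse DTDs/entities before parsing.
    if b"<!DOCTYPE" in report_xml or b"<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD or entity declaration in report")
    root = ET.fromstring(report_xml)
    for el in root.iter():  # drop the XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    issues = []
    for record in root.iter("record"):
        ip = record.findtext("row/source_ip", default="unknown")
        for idx, dkim in enumerate(record.findall("auth_results/dkim")):
            domain, selector = dkim.find("domain"), dkim.find("selector")
            if domain is None:  # schema: minOccurs="1"
                issues.append((ip, idx, "domain missing"))
            elif not (domain.text or "").strip():
                issues.append((ip, idx, "domain empty"))
            if selector is not None and not (selector.text or "").strip():
                issues.append((ip, idx, "selector empty"))  # optional, but empty if present
            result = (dkim.findtext("result") or "").strip()
            if result not in DKIM_RESULTS:
                issues.append((ip, idx, f"result invalid: {result!r}"))
    return issues


if __name__ == "__main__":
    for issue in find_dkim_issues(SAMPLE_REPORT):
        print(issue)
```
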