SOLVED
Home

Why doesn't O365 produce DMARC reporting?

%3CLINGO-SUB%20id%3D%22lingo-sub-319843%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319843%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Chris%20-%20the%20extra%20info%2Fcontext%20is%20super%20helpful.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20tool%20in%20place%20(like%20Agari)%20to%20aggregate%20the%20reporting%20to%20then%20use%20in%20building%20out%20our%20SPF%20and%20DKIM%20setup%20in%20prep%20for%20DMARC%20-%20we're%20just%20missing%20so%20much%20not%20having%20reporting%2Ftelemetry%20coming%20from%20O365%20and%20feeding%20into%20the%20tool%20we%20use.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20ready%20to%20give%20up%20on%20this%20one%20just%20yet%20-%20so%20will%20keep%20poking%20to%20see%20if%20I%20can%20get%20something%20more.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EScotty%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-319785%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319785%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Scott%2C%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20has%20been%20asked%20for%20a%20very%20long%20time%20-%20I%20had%20customers%20as%20far%20back%20as%202012%26nbsp%3Basking%20for%20it%20when%20I%20started%20doing%20large%20scale%20migrations%20to%20Office%20365.%20As%20expected%20there%20is%20a%20Uservoice%20open%20for%20it.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Foffice365.uservoice.com%2Fforums%2F264636-general%2Fsuggestions%2F11094318-dmarc-aggregate-reports-from-o365-domains%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365.uservoice.com%2Fforums%2F264636-general%2Fsuggestions%2F11094318-dmarc-aggregate-reports-from-o365-domains%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20Microsoft%20themselves%20implemented%20DMARC%20they%20used%20Agari%20for%20the%20reports.%20There%20was%20quite%20a%20well%20known%20blog%20series%20by%20Terry%20Zink%20on%20it%20at%20the%20time.%20Whilst%20they%20ended%20up%20introducing%20DKIM%20into%20the%20EOP%20service%20on%20top%20of%20SPF%20and%20began%20using%20DMARC%20-%20even%20to%20the%20point%20of%20instructing%20how%20to%20put%20together%20a%20DMARC%20record%20and%20tightening%20it%20over%20time%2C%20they%20never%20got%20involved%20in%20the%20reporting%20side%20of%20things.%20Agari%20was%20usually%20recommended%20for%20enterprise%20size%20clients%20whilst%20DMARCIAN%20was%20recommended%20for%20SMB.%3CBR%20%2F%3E%3CBR%20%2F%3EThey%20never%20explained%20exactly%20they%20never%20got%20into%20DMARC%20reporting.%20I%20guess%20this%20is%20something%20to%20vote%20for%20on%20the%20Uservoice%20to%20try%20and%20push%20it%20to%20their%20attention.%20It%20would%20make%20complete%20sense%20-%20and%20even%20more%20to%20analyse%20that%20in%20Power%20BI.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20I%20have%20answered%20your%20question.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-684952%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-684952%22%20slang%3D%22en-US%22%3EAny%20news%20on%20Dmarc%20reporting%20from%20Microsoft%2FO365%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-851596%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-851596%22%20slang%3D%22en-US%22%3Eseems%20Microsoft%20made%20a%20solution%20with%20a%203rd%20party%2C%20here's%20a%20blog%20post%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2019%2F06%2F03%2Fsecure-cloud-free-dmarc-monitoring-office-365%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2019%2F06%2F03%2Fsecure-cloud-free-dmarc-monitoring-office-365%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-994183%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994183%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F407921%22%20target%3D%22_blank%22%3E%40MathBSQ%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EValimail%20is%20a%20reporting%20tool%20(similar%20to%20something%20like%20Dmarcian)%2C%20this%20doesn't%20address%20the%20issue%20of%20Microsoft%20not%20sending%20DMARC%20reports.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%20I%20run%20HelpScout%20as%20a%20help%20desk%20for%20one%20business%2C%20DKIM%2C%20SPF%20and%20DMARC%20are%20all%20configured.%20I%20can%20see%20that%20Google%2C%20Yahoo%2C%20etc.%20are%20receiving%20emails%20from%20Helpscout%20and%20they%20are%20passing%20and%20domain%20aligned.%20Great.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20then%20a%20customer%20tells%20me%20the%20emails%20are%20going%20to%20his%20junk%20folder%2C%20I%20check%20and%20he%20is%20on%20Office365...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20no%20visibility%20from%20Microsoft%20servers%20if%20they%20are%20happy%20with%20the%20email%20authentication%20or%20not.%20I%20assume%20they%20are%2C%20but%20I%20have%20no%20idea.%20I%20also%20have%20no%20idea%20if%20anyone%20is%20trying%20to%20spoof%20our%20domain%20to%20Office365%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20same%20problem%20if%20I%20am%20helping%20other%20clients%20not%20on%20Office365%20with%20their%20deliverability...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20just%20don't%20understand%20why%20Microsoft%20wouldn't%20comply%20with%20the%20DMARC%20reporting%20like%20all%20the%20othe%20big%20providers%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-319757%22%20slang%3D%22en-US%22%3EWhy%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319757%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe're%20working%20through%20DMARC%20for%20our%20org%2C%20and%20I'm%20trying%20to%20understand%20why%20O365%20doesn't%20produce%20DMARC%20reporting%20for%20mail%20it%20receives%20-%20that%20can%20be%20consumed%20and%20analysed%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20spoken%20to%20a%20couple%20of%20people%20at%20MS%20and%20have%20gotten%20a%20response%20that%20revolves%20around%20relying%20on%20other%20email%20providers%20DMARC%20reporting%20(like%20Gapps%20etc).%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20getting%20reporting%20from%20all%20other%20large%20email%20providers%20that%20produce%20it%2C%20however%20we%20have%20a%20massive%20blind%20spot%20for%20all%20O365%20email%20traffic%20-%20both%20to%20our%20tenant%20but%20also%20anyone%20else%20using%20O365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGiven%20the%20prevalence%20of%20large%20corps%20using%20O365%20-%20I%20can't%20quite%20wrap%20my%20head%20around%20why%20this%20isn't%20a%20bigger%20thing.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anyone%20that%20can%20shed%20some%20light%20on%20why%20this%20is%20the%20case%20-%20or%20better%20yet%20if%20we%20could%20somehow%20get%20O365%20producing%20DMARC%20reporting%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EScotty%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-319757%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Edmarc%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1047303%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1047303%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20question%20is%20less%20about%20report%20aggregation%20(like%20Agari)%20and%20more%20about%20MS%20producing%20DMARC%20failure%20and%20aggregate%20reports%20from%20O365%20(like%20Gsuite%20and%20others%20do)%20that%20are%20sent%20to%20whoever%20we%20specifcy%20in%20our%20DMARC%20record%20so%20we%20can%20then%20do%20the%20aggregation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWithout%20DMARC%20reporting%20generated%20from%20O365%20-%20we're%20missing%20a%20huge%20amount%20of%20data%2Fvisibiltiy%20into%20what%20is%20passing%20and%20failing%20our%20DMARC%20records.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1047380%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1047380%22%20slang%3D%22en-US%22%3ESure%2C%20it's%20been%20asked%20for%20a%20long%20time.%20There%20are%20multiple%20uservoices%20on%20it%20including%20this%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-office-365-security-compliance%2Fsuggestions%2F36016783-visibility-of-dmarc-reports%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365.uservoice.com%2Fforums%2F289138-office-365-security-compliance%2Fsuggestions%2F36016783-visibility-of-dmarc-reports%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20can't%20give%20you%20any%20significant%20or%20pertinent%20reason%20why%20Microsoft%20have%20not%20pushed%20this%20more%2C%20especially%20considering%20they%20baked%20DKIM%20into%20the%20Exchange%20Admin%20Centre%20and%20SPF%20goes%20on%20in%20standard%20custom%20domain%20checks.%20I%20would%20like%20to%20see%20this%20functionality%20but%20have%20been%20asked%20about%20it%20since%20at%20least%202014%20when%20CSP%20was%20first%20introduced%20-%20any%20probably%20longer!%20So%20whilst%20there%20are%20uservoices%20then%20I%20would%20say%20that's%20probably%20not%20going%20to%20be%20picked%20up%20anytime%20soon%20so%20you%20may%20also%20want%20to%20raise%20it%20at%20future%20AMA's%2C%20etc.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1047394%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1047394%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYeah%2C%20no%20problems.%26nbsp%3B%20I've%20tried%20the%20last%20couple%20of%20times%20I%20was%20in%20Redmond%20to%20find%20the%20right%20person%20within%20O365%20to%20understand%20where%20this%20sits%20but%20haven't%20had%20a%20huge%20amoutn%20of%20luck.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EApprecaite%20the%20responses.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1047880%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1047880%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20Uservoice%20is%20currently%20%237%20in%20General...%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Foffice365.uservoice.com%2Fforums%2F264636-general%2Fsuggestions%2F11094318-dmarc-aggregate-reports-from-o365-domains%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365.uservoice.com%2Fforums%2F264636-general%2Fsuggestions%2F11094318-dmarc-aggregate-reports-from-o365-domains%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGeneral%20is%20probably%20not%20the%20best%20place%20for%20it%2C%20but%20surely%20that%20should%20get%20it%20some%20attention%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20feel%20like%20a%20few%20high%20profile%20tech%2Fsecurity%20reporters%20need%20to%20write%20up%20a%20scathing%20article%20or%203%20about%20about%20this%20to%20get%20some%20traction...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1124503%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20doesn't%20O365%20produce%20DMARC%20reporting%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1124503%22%20slang%3D%22en-US%22%3EArs%20Technica%3F%20Anyone%20know%20anyone%20there%2C%20or%20other%20similar%20blogs%20that%20may%20get%20read%20by%20people%20at%20Microsoft%3F%20Crazy%20stuff%20that%20an%20organisation%20that%20is%20so%20central%20to%20tech%20as%20a%20whole%20does%20not%20implement%20this%20simple%20report%20feature.%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi All,

 

We're working through DMARC for our org, and I'm trying to understand why O365 doesn't produce DMARC reporting for mail it receives - that can be consumed and analysed?

 

I've spoken to a couple of people at MS and have gotten a response that revolves around relying on other email providers DMARC reporting (like Gapps etc).  

 

We are getting reporting from all other large email providers that produce it, however we have a massive blind spot for all O365 email traffic - both to our tenant but also anyone else using O365.

 

Given the prevalence of large corps using O365 - I can't quite wrap my head around why this isn't a bigger thing.  

 

Is there anyone that can shed some light on why this is the case - or better yet if we could somehow get O365 producing DMARC reporting?

 

Cheers,

Scotty

10 Replies
Highlighted
Solution

Hi Scott,

This has been asked for a very long time - I had customers as far back as 2012 asking for it when I started doing large scale migrations to Office 365. As expected there is a Uservoice open for it.

https://office365.uservoice.com/forums/264636-general/suggestions/11094318-dmarc-aggregate-reports-f...

When Microsoft themselves implemented DMARC they used Agari for the reports. There was quite a well known blog series by Terry Zink on it at the time. Whilst they ended up introducing DKIM into the EOP service on top of SPF and began using DMARC - even to the point of instructing how to put together a DMARC record and tightening it over time, they never got involved in the reporting side of things. Agari was usually recommended for enterprise size clients whilst DMARCIAN was recommended for SMB.

They never explained exactly they never got into DMARC reporting. I guess this is something to vote for on the Uservoice to try and push it to their attention. It would make complete sense - and even more to analyse that in Power BI.

Hope I have answered your question.

Best, Chris

Highlighted

Thanks Chris - the extra info/context is super helpful.

 

We have a tool in place (like Agari) to aggregate the reporting to then use in building out our SPF and DKIM setup in prep for DMARC - we're just missing so much not having reporting/telemetry coming from O365 and feeding into the tool we use.

 

I'm not ready to give up on this one just yet - so will keep poking to see if I can get something more.

 

Cheers,

Scotty

Highlighted
Any news on Dmarc reporting from Microsoft/O365?
Highlighted
Highlighted

@MathBSQ 

 

Valimail is a reporting tool (similar to something like Dmarcian), this doesn't address the issue of Microsoft not sending DMARC reports. 

 

For example I run HelpScout as a help desk for one business, DKIM, SPF and DMARC are all configured. I can see that Google, Yahoo, etc. are receiving emails from Helpscout and they are passing and domain aligned. Great.

 

But then a customer tells me the emails are going to his junk folder, I check and he is on Office365...

 

I have no visibility from Microsoft servers if they are happy with the email authentication or not. I assume they are, but I have no idea. I also have no idea if anyone is trying to spoof our domain to Office365 users.

 

The same problem if I am helping other clients not on Office365 with their deliverability...

 

I just don't understand why Microsoft wouldn't comply with the DMARC reporting like all the othe big providers?

Highlighted

Thanks @Christopher Hoard 

 

My question is less about report aggregation (like Agari) and more about MS producing DMARC failure and aggregate reports from O365 (like Gsuite and others do) that are sent to whoever we specifcy in our DMARC record so we can then do the aggregation.

 

Without DMARC reporting generated from O365 - we're missing a huge amount of data/visibiltiy into what is passing and failing our DMARC records.

Highlighted
Sure, it's been asked for a long time. There are multiple uservoices on it including this

https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/36016783-vi...

I can't give you any significant or pertinent reason why Microsoft have not pushed this more, especially considering they baked DKIM into the Exchange Admin Centre and SPF goes on in standard custom domain checks. I would like to see this functionality but have been asked about it since at least 2014 when CSP was first introduced - any probably longer! So whilst there are uservoices then I would say that's probably not going to be picked up anytime soon so you may also want to raise it at future AMA's, etc.

Best, Chris
Highlighted

Thanks @Christopher Hoard 

 

Yeah, no problems.  I've tried the last couple of times I was in Redmond to find the right person within O365 to understand where this sits but haven't had a huge amoutn of luck.

 

Apprecaite the responses.

 

Cheers!

Highlighted

@Christopher Hoard 

 

This Uservoice is currently #7 in General... 

 

https://office365.uservoice.com/forums/264636-general/suggestions/11094318-dmarc-aggregate-reports-f...

 

General is probably not the best place for it, but surely that should get it some attention?

 

I feel like a few high profile tech/security reporters need to write up a scathing article or 3 about about this to get some traction...

Highlighted
Ars Technica? Anyone know anyone there, or other similar blogs that may get read by people at Microsoft? Crazy stuff that an organisation that is so central to tech as a whole does not implement this simple report feature.