No short-term plans, although Advanced Threat Protection will be able to 
approximate some of it using our reporting via the Get-PhishFilterPolicy 
cmdlet. They could use:

$file = "SpoofedSendersImpersonatingMyDomain.csv"
Get-PhishFilterPolicy -Detailed -SpoofAllowBlocklist -SpoofType Internal | 
Export-CSV $file

See 
https://docs.microsoft.com/en-us/powershell/module/exchange/advanced-threat-protection/Get-PhishFilterPolicy?view=exchange-ps

There are some improvements coming to that report as well.

It's not a DMARC report and has a lot less meta-data, but does give some of the 
key information if a DMARC aggregator wants to parse it out. This could be sent 
to a 3rd party if an admin wanted to write a script to do this by combining the 
following:

1. Connect to Exchange Online using PowerShell, 
https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps

2. Run that script above

3. Send email via PowerShell to the 3rd party aggregator, 
https://practical365.com/exchange-server/powershell-how-to-send-email/

--Terry
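
The three steps above combined into one script, as an added example that is not part of the original message and is not Microsoft's code. It assumes the ExchangeOnlineManagement module (Connect-ExchangeOnline) and SMTP submission on port 587; the account, aggregator address and SMTP host are placeholders.

```powershell
# Added example, not from the original thread. All addresses and host names
# below are placeholders (assumptions); replace them with your own values.
$AdminUpn   = 'admin@contoso.example'       # hypothetical admin account
$Aggregator = 'reports@aggregator.example'  # hypothetical third-party mailbox
$SmtpServer = 'smtp.office365.com'          # assumed SMTP submission host
$File       = Join-Path $env:TEMP 'SpoofedSendersImpersonatingMyDomain.csv'

# Step 1: connect to Exchange Online (interactive sign-in, no stored password).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

try {
    # Step 2: run the report from the message above and keep the rows in memory
    # so an empty result can be detected before anything is sent.
    $rows = @(Get-PhishFilterPolicy -Detailed -SpoofAllowBlocklist -SpoofType Internal)
    if ($rows.Count -eq 0) {
        Write-Warning 'Report returned no rows; nothing sent.'
        return
    }
    $rows | Export-Csv -Path $File -NoTypeInformation -Encoding UTF8

    # Record a SHA-256 of the attachment so the recipient can verify it.
    $hash = (Get-FileHash -Path $File -Algorithm SHA256).Hash

    # Step 3: mail the CSV to the aggregator over TLS. The report lists sender
    # and infrastructure details, so it should not travel in clear text.
    $mail = @{
        From        = $AdminUpn
        To          = $Aggregator
        Subject     = "Spoofed-sender report $(Get-Date -Format 'yyyy-MM-dd')"
        Body        = "Rows: $($rows.Count)`nSHA256: $hash"
        Attachments = $File
        SmtpServer  = $SmtpServer
        Port        = 587
        UseSsl      = $true
        Credential  = Get-Credential -Message 'SMTP submission account'
    }
    Send-MailMessage @mail
}
finally {
    # Always drop the session and remove the local copy of the report.
    Disconnect-ExchangeOnline -Confirm:$false
    if (Test-Path $File) { Remove-Item $File -Force }
}
```
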

-----Original Message-----
From: Randal Pinto <ran...@redsift.io> 
Sent: Tuesday, April 24, 2018 12:32 AM
To: Terry Zink <tz...@microsoft.com>; dmarc-discuss@dmarc.org
Subject: Re: [dmarc-discuss] [EXTERNAL] Re: Mimecast and Office 365

Hi Terry,

Other Microsoft properties such as LinkedIn and Outlook generate DMARC reports, 
is there a plan to roll this out to Office 365? 

We find that a number of people who embark on implementing DMARC and have stats 
from their gateways expect to see a similar number (or close enough) in their 
DMARC reports and by Microsoft being a common destination it makes a 
significant difference on the numbers. It also means that users don’t benefit 
from forensics, Microsoft being one of a few who support this part of the spec.

Best,
Randal


> On 24 Apr 2018, at 06:53, Terry Zink via dmarc-discuss 
> <dmarc-discuss@dmarc.org> wrote:
> 
> Okay, when I say "internal mail" I mean intra-tenant mail. Inter-tenant mail 
> is basically the same as external mail from a customer perspective.
> 
> -----Original Message-----
> From: Roland Turner <rol...@rolandturner.com>
> Sent: Monday, April 23, 2018 9:58 PM
> To: Terry Zink <tz...@microsoft.com>; dmarc-discuss@dmarc.org
> Subject: [EXTERNAL] Re: [dmarc-discuss] Mimecast and Office 365
> 
> On 24/04/18 00:51, Terry Zink via dmarc-discuss wrote:
> 
>>> Failure reporting seems odd (because it's always legitimate) until 
>>> you recall that part of the purpose of failure reporting is to 
>>> discover errors by the domain registrant, particularly
>>> including errors in the DNS zone file, which may or may not
>>> be under Office 365 control
>> 
>> If Office 365 isn’t doing any DNS checks for SPF, DKIM, and DMARC for 
>> internal email, then how would a DMARC report help with any of that?
>> 
> 
> On this line of reasoning, it would be necessary to perform those checks 
> during message handling.
> 
> (I note that you refer here to "internal mail" and below to 
> "inter-tenant communication". To be clear, I'm referring specifically 
> to DMARC reporting - both failure and aggregate - for inter-tenant 
> email, rather than for intra-tenant email.)
>> 
>>> Aggregate reporting likewise seems like something that would make 
>>> sense for inter-tenant communication
>> 
>> Inter-tenant communication is treated the same (more or less) as an 
>> inbound message that originates from outside the service, so any 
>> DMARC reports that are sent would not differ between 
>> tenant-to-tenant mail vs. outside-to-Office365 mail.
>> 
> 
> So long as the checks are being performed, yes, this is what I'm suggesting.
> 
> You might reasonably object that the incremental benefit in performing these 
> tests is too small to warrant performing them of course (presumably there are 
> no large mailing-list operators using Office 365).
> 
>>> Does Office 365 DKIM sign inter-tenant email?
>> 
>> Yes. Inter-tenant mail is treated the same for DKIM purposes as 
>> Tenant-to-external mail. Our customer guidance is here for DKIM:
>> https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
>> 
> 
> Great.
> 
> - Roland
> 
> 
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss@dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> 
> NOTE: Participating in this list means you agree to the DMARC Note 
> Well terms (http://www.dmarc.org/note_well.html)
