Ah, in that case we've been talking at crossed purposes. I've just
realised that Ivan's question ("Would O365 do DMARC checks for internal
emails ie. O365 tenant employee to another O365 tenant employee?") is
ambiguous:
* I've assumed that he means: Would O365 do DMARC checks for internal
emails ie. O365 tenant employee to (another O365 tenant) employee?",
i.e. an employee of another tenant
* You've assumed that he means: Would O365 do DMARC checks for
internal emails ie. O365 tenant employee to another (O365 tenant
employee)?", i.e. another employee of the same tenant
Ivan, if you're still following, which question are you asking?
- Roland
------------------------------------------------------------------------
On 24/04/18 13:53, Terry Zink via dmarc-discuss wrote:
Okay, when I say "internal mail" I mean intra-tenant mail. Inter-tenant mail is
basically the same as external mail from a customer perspective.
-----Original Message-----
From: Roland Turner <rol...@rolandturner.com>
Sent: Monday, April 23, 2018 9:58 PM
To: Terry Zink <tz...@microsoft.com>; dmarc-discuss@dmarc.org
Subject: [EXTERNAL] Re: [dmarc-discuss] Mimecast and Office 365
On 24/04/18 00:51, Terry Zink via dmarc-discuss wrote:
Failure reporting seems odd (because it's always legitimate) until
you recall that part of the purpose of failure reporting is to
discover errors by the domain registrant, particularly
including errors in the DNS zone file, which may or may not
be under Office 365 control
If Office 365 isn’t doing any DNS checks for SPF, DKIM, and DMARC for
internal email, then how would a DMARC report help with any of that?
On this line of reasoning, it would be necessary to perform those checks during
message handling.
(I note that you refer here to "internal mail" and below to "inter-tenant
communication". To be clear, I'm referring specifically to DMARC reporting - both failure and
aggregate - for inter-tenant email, rather than for intra-tenant email.)
Aggregate reporting likewise seems like something that would make
sense for inter-tenant communication
Inter-tenant communication is treated the same (more or less) as an
inbound message that originates from outside the service, so any DMARC
reports that are sent would not different between tenant-to-tenant
mail vs. outside-to-Office365 mail.
So long as the checks are being performed, yes, this is what I'm suggesting.
You might reasonably object that the incremental benefit in performing these
tests is too small to warrant performing them of course (presumably there are
no large mailing-list operators using Office 365).
Does Office 365 DKIM sign inter-tenant email?
Yes. Inter-tenant mail is treated the same for DKIM purposes as
Tenant-to-external mail. Our customer guidance is here for DKIM:
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftechn
et.microsoft.com%2Fen-us%2Flibrary%2Fmt695945(v%3Dexchg.150).aspx&data
=02%7C01%7Ctzink%40microsoft.com%7Cabbbe14f6bb34e45729108d5a9a007be%7C
72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636601427147563145&sdata=q0
XGyDUlS9dz9n25T5IrxtsbzyX6FIXTstxD7ZI0Exw%3D&reserved=0
Great.
- Roland
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)