DMARC for Office 365
DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a protocol for ensuring that email is sent from legitimate domains. DMARC is one of the most effective ways of protecting against phishing attacks, domain spoofing and other email-based threats.
DMARC builds on the widely used SPF and DKIM protocols for authenticating email. To pass a DMARC check, an email must authenticate with SPF and/or DKIM. Additionally, DMARC requires that all the information about the sender within the message is aligned, which helps to block email where attackers spoof the "From" header of trusted organizations. Finally, the DMARC record stipulates what the recipient of an email should do with the message if authentication fails.
DMARC is an essential tool for organizations using Microsoft Office 365. While DMARC in Office 365 is enabled for inbound emails by default, organizations that use their own domain must manage DMARC monitoring on their own and configure their own DMARC records.
Unfortunately, implementing and managing DMARC in Office 365 is just as complicated as configuring it for any other email provider. Because DMARC builds on SPF and DKIM, email administrators must ensure that their SPF record and DKIM record are up-to-date and properly authorized. Before establishing and enforcing a DMARC policy, administrators must identify all the email senders using their domains, including third-parties legitimately sending email on their behalf. Many organizations have hundreds of domains, including many they aren't aware of. To avoid a situation where legitimate emails fail the DMARC test, organizations often spend months monitoring activity and digesting voluminous and complex DMARC reports before enabling a DMARC reject policy.
There is no native tool for monitoring or managing DMARC in Office 365. For organizations that want to simplify deployment and streamline management of DMARC, Mimecast offers an easy-to-use solution that integrates easily with Office 365.
Office 365 and DMARC Analyzer
Mimecast DMARC Analyzer is a SaaS-based solution that reduces the cost, complexity and time required to implement and manage DMARC in Office 365. DMARC analyzer acts as an expert guide, providing step-by-step instructions that help you move toward a reject policy as quickly as possible.
In contrast to other DMARC solutions, DMARC Analyzer offers simple and effective self-service tools that eliminate the need for expensive ongoing professional services. DMARC enables email administrators to:
- Enjoy 360° visibility and governance across all email channels, providing a more efficient way to shut down spoofing attempts and monitor the Office 365 environment.
- Easily publish DMARC records on the gateway with self-service email intelligence tools.
- Simplify enforcement and monitor ongoing performance with user-friendly alerts, reports and charts.
- Receive personalized DMARC records and reports on spoofing within an Office 365 instance.
Benefits of DMARC Analyzer for Office 365
With DMARC Analyzer, you can monitor and manage DMARC in Office 365 with:
- SPF/DKIM/DMARC record check services that help to uncover potential errors in syntax and content that could affect mail delivery.
- Forensic reports that help to identify and track down the sources of malicious email.
- A DMARC record setup wizard to create DMARC records.
- Unlimited users, domains and domain groups to ensure coverage of DMARC authentication.
- Summary reports for tracking progress that are issued daily, weekly and monthly.
- Two-factor authentication to improve security.
- Tools to monitor DNS changes and to receive proactive alerts when a DNS record is altered.
- Easy-to-read aggregate reports and charts for faster analysis of DMARC performance and enforcement of DMARC policy.
- Optional managed services offered by Mimecast specialists with expertise in deployment and project management that can help to minimize risk and provide the fastest path to DMARC enforcement.
Additional Mimecast solutions for Office 365
Mimecast's solution for managing DMARC in Office 365 is part of a suite of services that help to achieve cyber resilience for Office 365 by maximizing security, simplifying archiving and ensuring continuity.
Mimecast offers integrated service bundles for Office 365 that are designed for and delivered 100% in the cloud. This Mimecast Office 365 solution includes:
- Best-in-breed email and web security for known and advanced threats, including spear-phishing attacks, ransomware, zero-day attacks, malware, spam and many others.
- A compliant archive for enterprise information that provides lightning fast search and easy case management for e-discovery.
- Perpetual mail storage for instant recoverability.
- Mail continuity that provides access to live email and archives even during outages.
- Migration tools that reduce the risk and effort of moving to Office 365.
FAQs: Do I need DMARC in Office 365?
Do I need DMARC in Office 365?
Yes. DMARC is the industry standard for email authentication and is essential to email security in Microsoft Office 365. DMARC is enabled by default for inbound email in Office 365, but organizations must manage their own configuration for outbound email from a custom domain.
What are the challenges of managing DMARC in Office 365?
Office 365 offers no native technology for configuring, monitoring or managing DMARC. Yet these tasks can be quite complex and time-consuming, and any mistakes in configuring DMARC records can result in many legitimate emails being blocked.
What is DMARC Analyzer?
Mimecast DMARC Analyzer provides an easy-to-use solution that dramatically simplifies DMARC deployment projects. DMARC Analyzer has designed everything to make these tasks as easy as possible, providing self-service tools that eliminate the need for help from professional services at every stage. With DMARC analyzer, email administrators get the 360° visibility into email channels required to make sure legitimate email is not blocked by a DMARC reject policy.
How to implement DKIM and DMARC in Office
Implementing DKIM and DMARC in Office 365 is a potentially highly time-consuming, error-prone process. Because DMARC builds on SPF and DKIM, email administrators must ensure that their SPF record and DKIM record are up-to-date and properly authorized. Before establishing and enforcing a DMARC policy, administrators must identify all the email senders using their domains, including third-parties legitimately sending email on their behalf.
Mimecast offers an easy-to-use solution that integrates easily with Office 365 to greatly streamline this manual process.