Microsoft Announces New DMARC Policy Handling Defaults for Enhanced Email Security
Listen to this blog post below
DMARC has always been a robust email authentication tool. Microsoft’s latest announcement honoring senders’ DMARC policy settings is a significant step in enhancing email security for Microsoft email users.
DMARC has been an efficient email authentication tool for a long time, providing reliable email security for numerous users. However, Microsoft had not been leveraging its capabilities for its email users until recently. With a new announcement recently, In an effort to prevent phishing and other email-based threats such as spoofing, Microsoft has made the conscious decision to respect the DMARC policy settings of its email users. This step will drastically bolster the email security of its users, providing a stronger line of defense against malicious activities.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an efficient email authentication tool used widely. It enables senders of emails to instruct servers what to do with emails sent purportedly from their domain names but fail authentication. Thus, users can enhance their email security with DMARC authentication to protect their valuable information from spoofing and phishing attempts by malicious actors.
What is a DMARC Policy?
A DMARC policy is part of a DMARC setup that instructs the servers on what action to take concerning the emails that fail authentication. There are three significant policies:
- p=none: The server performs no restrictive measures on the unauthenticated email.
- p=quarantine: The server will neither allow the unauthenticated email to enter the inbox nor reject it entirely but will move it into the spam folder instead.
- p=reject: The server will reject the unauthenticated email.
About Microsoft’s New DMARC Policy Handling Announcement
On July 19, 2023, Microsoft announced its change of rule in handling the DMARC policies of its users who use Microsoft email services to send emails. Previously, Microsoft treated the ‘p=reject’ policy set by its users as the same as the ‘p=quarantine’ policy. It means that even if the users request to reject emails that don’t pass DMARC authentication, Microsoft would not reject it and instead only quarantines it and moves it to the junk or spam folder. It means that the email still enters the receiver’s email account spaces.
However, the new DMARC policy handling defaults announced by Microsoft state that it will hereafter reject all emails that fail DMARC authentication if the policy is set to either ‘p=reject’ or ‘p=quarantine.’ Nevertheless, the new rule will not work by default if the MX record in the tenant recipient’s domain refers to a third-party email security service. The user can, however, overcome it by activating ‘enhanced filtering for connectors.’
Implications for Consumer and Enterprise Users
The new DMARC policy handling rule by Microsoft works slightly differently for consumer users and enterprise users:
Implication for Consumer Users
For consumer users who use Microsoft email services like MS Outlook, Live, or Hotmail, any email failing DMARC authentication will be rejected summarily if the DMARC policy is set to either ‘p=reject’ or ‘p=quarantine.’
Thus, even for the ‘p=quarantine’ policy, the unauthenticated email will not even enter the junk or spam box of the recipient. Instead, it will be entirely prevented from entering the email storage, thus eliminating even the minutest chances of malicious infiltration from threat actors.
Implication for Enterprise Users
The new rule will allow enterprise users to choose whether to reject or quarantine an email that fails DMARC authentication. It will be based on whether the policy is set for ‘p=reject’ or ‘p=quarantine,’ respectively.
How Does the New Reform Enhance Email Security?
DMARC is a robust email authentication tool. However, previously, Microsoft used to ignore the DMARC policy settings by users and relied on its security settings. Hence, even if Microsoft users relied on DMARC, they would not receive any benefit from it. However, with the new announcement. Microsoft has decided to honor the DMARC policy set by a sender to reject an email that fails authentication.
This new move will increase the number of rejected emails that do not pass DMARC authentication. While earlier, many emails used to enter at least the spam folder, the new rule will entirely reject such emails and prevent them from entering any section of the user’s email storage. Thus, Microsoft security, combined with DMARC security, is geared up to significantly enhance its users’ total email security.
Final Words
DMARC has been a proven tool for efficient email authentication. Now with the new DMARC policy handling defaults from Microsoft, email users can be assured of their email security getting significantly enhanced. It will result in better rejection rates of unwanted emails and protect the users from malicious threats like spoofing and phishing to a much larger extent.
