DMarc Issues

Check SPF Record ( v=spf1 include:spf.protection.outlook.com -all )
Please ensure that this SPF record is published in your DNS records for the domain you’re using with Microsoft 365

Check and Enable DKIM Signing in Microsoft 365 (Without DKIM enabled, emails from your domain may fail DMARC checks)

Enable DKIM:
Go to the Microsoft 365 Defender portal at https://security.microsoft.com.
Select Email & collaboration > Policies & rules > Threat policies.
Under Policies, choose DKIM.
Select your domain and enable DKIM signing.
Enabling DKIM in Microsoft 365 may require you to add additional CNAME records to your DNS configuration.

Your DMARC record is set to p=quarantine, which tells receiving servers to quarantine messages that fail DMARC checks. However, the XML report shows p=none for the policy published, which could indicate a discrepancy or that some servers aren’t interpreting your quarantine policy correctly, confirm that your DMARC TXT record is correctly published

DMARC record sample: v=DMARC1; p=quarantine; pct=100; rua=mailto:email address removed for privacy reasons; ruf=mailto:email address removed for privacy reasons


Remember after making changes to SPF, DKIM, or DMARC records, it may take some time for DNS records to propagate. You can verify DNS records using tools like MXToolbox or DMARC Analyzer.


If you’re not receiving DMARC reports as expected, confirm that the rua and ruf emails specified in your DMARC record are correct and that your email server is not blocking these reports.