Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA).

What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email security.

DMARC: Your best line of defense

The good news is you can stay protected thanks to Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an essential email security measure for protecting your outbound communications, and that includes protecting your default Microsoft domain (onmicrosoft.com). Failure to act could leave your domain unprotected, leading to spoofing attempts. 

For existing customers, we recommend that you add this domain to your OnDMARC account and create a DMARC record for it just like you would for your other domains. Microsoft will take care of SPF and DKIM for you and you can then add your OnDMARC reporting address into the DMARC record. 

Please note

Due to the way this domain is hosted at Microsoft, you will not be able to use Dynamic Services, but you can still set up a manual DMARC record.

For instructions on how to modify the DNS records of your MOERA domain, refer to Microsoft’s instructions here and use the same DMARC record you entered in any of the other domains in your Red Sift OnDMARC account. We also recommend setting it to an enforcement policy of quarantine or reject

Have any questions? Raise a ticket with our support team.

Not a Red Sift OnDMARC user? Start your 14-day free trial today.

PUBLISHED BY

Faisal Misle

26 Mar. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more