Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA).

What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email security.

DMARC: Your best line of defense

The good news is you can stay protected thanks to Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an essential email security measure for protecting your outbound communications, and that includes protecting your default Microsoft domain (onmicrosoft.com). Failure to act could leave your domain unprotected, leading to spoofing attempts. 

For existing customers, we recommend that you add this domain to your OnDMARC account and create a DMARC record for it just like you would for your other domains. Microsoft will take care of SPF and DKIM for you and you can then add your OnDMARC reporting address into the DMARC record. 

Please note

Due to the way this domain is hosted at Microsoft, you will not be able to use Dynamic Services, but you can still set up a manual DMARC record.

For instructions on how to modify the DNS records of your MOERA domain, refer to Microsoft’s instructions here and use the same DMARC record you entered in any of the other domains in your Red Sift OnDMARC account. We also recommend setting it to an enforcement policy of quarantine or reject

Have any questions? Raise a ticket with our support team.

Not a Red Sift OnDMARC user? Start your 14-day free trial today.

PUBLISHED BY

Faisal Misle

26 Mar. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
ASM

Zoom stops zooming: Why active monitoring is essential

Billy McDiarmid

​On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…

Read more
DMARC

Why DMARC matters: Protect your organization from evolving phishing threats

Jack Lilley

Phishing campaigns continue to change. Attackers are adapting faster than traditional security tools, using more subtle methods to bypass filters and reach inboxes. The latest KnowBe 4 Phishing Threat Trends Report (2025) shows a steady increase in attacks that slip through email security platforms and a growing use of techniques that avoid detection, increasing…

Read more
News

Red Sift OnDMARC joins the Jisc Chest platform to strengthen email security…

Francesca Rünger-Field

With the National Cyber Security Centre’s (NCSC) Mail Check tool having retired its free DMARC reporting service in March 2025, education and research institutions across the UK are now facing a critical visibility gap when it comes to email-based threats. To help address this, Red Sift is now working with Jisc—the UK’s not-for-profit provider…

Read more
News

Microsoft announces new email requirements for bulk senders

Red Sift

Executive Summary: New email authentication rules from Microsoft will impact bulk senders starting May 2025. To protect users from spoofing and phishing, Microsoft will require SPF, DKIM, and DMARC authentication—bringing its policies in line with Google and Yahoo. Red Sift offers tools to help organizations comply and maintain deliverability. This article: Microsoft has officially…

Read more