Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA).

What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email security.

DMARC: Your best line of defense

The good news is you can stay protected thanks to Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an essential email security measure for protecting your outbound communications, and that includes protecting your default Microsoft domain (onmicrosoft.com). Failure to act could leave your domain unprotected, leading to spoofing attempts. 

For existing customers, we recommend that you add this domain to your OnDMARC account and create a DMARC record for it just like you would for your other domains. Microsoft will take care of SPF and DKIM for you and you can then add your OnDMARC reporting address into the DMARC record. 

Please note

Due to the way this domain is hosted at Microsoft, you will not be able to use Dynamic Services, but you can still set up a manual DMARC record.

For instructions on how to modify the DNS records of your MOERA domain, refer to Microsoft’s instructions here and use the same DMARC record you entered in any of the other domains in your Red Sift OnDMARC account. We also recommend setting it to an enforcement policy of quarantine or reject

Have any questions? Raise a ticket with our support team.

Not a Red Sift OnDMARC user? Start your 14-day free trial today.

PUBLISHED BY

Faisal Misle

26 Mar. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
AI

Staying ahead of AI-powered brand impersonation

Rahul Powar

Executive summary: AI has supercharged brand impersonation, with Q2 2024 seeing nearly half of all processed emails containing spoofing or phishing attempts—40% of which were AI-generated. The scale, speed, and sophistication of these attacks are overwhelming security teams, draining resources on false positives, and leaving critical threats undetected. Consumers are unforgiving when trust is…

Read more
BEC

What is email spoofing and how can you prevent it?

Faisal Misle

Executive summary: Email spoofing is a growing cyber threat where attackers forge the sender’s address to impersonate trusted sources, enabling phishing, business email compromise, and financial fraud. Because legacy email protocols like SMTP lack strong authentication, spoofing can bypass traditional filters. Organizations can mitigate this risk by implementing robust email authentication measures, especially DMARC.…

Read more
Email

What is social engineering and how can you prevent it?

Jack Lilley

Executive summary: Email phishing has evolved and criminals now use social engineering to impersonate executives, suppliers, and even government agencies, persuading recipients to approve payments or disclose credentials. Because human judgment sits at the heart of these attacks, technical controls that eliminate spoofed messages before they reach the inbox are essential. DMARC provides that…

Read more
Cybersecurity

Attackers are abusing Microsoft 365: Here’s how to stay protected

Jack Lilley

Executive summary: Varonis has surfaced an active phishing campaign that spoofs internal users by abusing Microsoft 365’s Direct Send feature. Because Direct Send doesn’t require authentication and is treated as “internal,” these messages often bypass the checks you rely on for outside mail. Microsoft now offers an opt-in switch, RejectDirectSend, to block the pathway,…

Read more