FrenchBlogDNS toolbox
FrenchBlogDNS toolbox
OFFERS
FrenchBlogDNS toolbox
FrenchBlogDNS toolbox
FrenchBlogDNS toolbox
OFFERS

Protect your onmicrosoft.com domain with DMARC

French version

When you installed your O365 tenant, maybe you forgot about it if it's been a while, Microsoft reserved a domain for you : 

  • xxxx.onmicrosoft.com (MOERA - Microsoft Online Email Routing Address).

For instance at Oppidum Security : oppidumsecurity.onmicrosoft.com

Your users can therefore receive e-mails on their addresses:

However, you probably don't use this domain to send email. Nevertheless, just like your defensive domains, you can protect it with DMARC by setting up a DMARC record:

  1. Open the Microsoft 365 admin center at https://admin.microsoft.com.
  2. On the left-hand navigation, select Show All.
  3. Expand Settings and press Domains.
  4. Select your tenant domain (for example, contoso.onmicrosoft.com).
  5. On the page that loads, select DNS records.
  6. Select + Add record.
  7. A flyout will appear on the right. Ensure that the selected Type is TXT (Text).
  8. Add _dmarc as TXT name.
  9. Add your specific DMARC value.
  10. Press Save.

For example, to monitor and protect our domain oppidumsecurity.onmicrosoft.com against spoofing of its email addresses, below is the DMARC record we have configured :

After the DMARC policy has been set to restrictive mode, an email spoofing a xx@oppidumsecurity.com address is automatically sent to the spam folder of our collaborators (other actions are possible like rejecting the email)

How to protect parked domains using SPF, DKIM and DMARC?​
Previous
How to protect parked domains using SPF, DKIM and DMARC?​
Next
Malicious IPs and Domains Take down
 Return to site
Cancel
All Posts
×

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!

OK