registry for onmicrosoft[dot]com

Jeff Leung (List Account) nanoglist at v10networks.ca
Tue Mar 12 00:44:13 UTC 2024


That’s the default domain for Exchange Online and Microsoft Azure AD identities. If the tenant is branded, it may show which company or organization the onmicrosoft.com domain is associated with when someone tries to log in to it with an application that is using Azure AD for SAML/OpenID Connect.

In the context of Exchange Online, the onmicrosoft.com domain can be used as a routing mail domain if someone is still running a hybrid Exchange deployment in this age…

In any case, Microsoft has a trust and safety team you can talk to if it is causing issues…
________________________________
From: NANOG <nanog-bounces+nanoglist=v10networks.ca at nanog.org> on behalf of Jay Acuna <mysidia at gmail.com>
Sent: Saturday, March 9, 2024 8:26:44 AM
To: Travis Garrison <tgarrison at netviscom.com>
Cc: nanog at nanog.org <nanog at nanog.org>
Subject: Re: registry for onmicrosoft[dot]com

On Sat, Mar 9, 2024 at 8:11 AM Travis Garrison <tgarrison at netviscom.com> wrote:
>
> This would be a company that has registered for an office365 account.

> Office 365 company accounts are registered as companyname [dot] onmicrosoft [dot] com.

The "companyname" part is evidently not reliable. Often the name
[dot] onmicrosoft [dot] com is unrelated
to any recognizable business or company name.

Companies can generate extra onmicrosoft[dot]com domain names.
Possibly an existing tenant for some unrelated company could add
nanog[dot]onmicrosoft[dot]com
and change it to their default domain, if they wanted.

Even if it were, the information could be tampered with on a compromised tenant
where the spammers simply change the names after breaching the tenant.

Likewise, spammers might use robots to sign up for 365 services online, and
there's little verification that a requestor's name and company name exist
beyond the ability to charge whatever stolen payment method was
provided by the spammer.

Because it behaves like a dynamic domain, with very low friction for
scammers to generate new ones quickly, it seems that refusing all mail
from subdomains of that domain by default, other than specific ones you
whitelist, would be a good policy.


> You then add domain aliases if you want to use your own preferred domain name.

> Thanks
> Travis
--
-JH
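
The default-deny policy suggested in the quoted message, sketched as an added example that is not part of the original thread or any poster's own code. The allow-listed tenant, the sample senders and the function names are constructed for illustration; the check is meant to run on the SMTP envelope sender.

```python
# Added example: default-deny policy for senders under onmicrosoft.com.
PARENT = "onmicrosoft.com"

# Constructed allow-list entry; list only tenants you have verified yourself.
ALLOWED_TENANTS = frozenset({"partner-example.onmicrosoft.com"})


def sender_domain(envelope_from):
    """Return the normalized domain of an SMTP envelope sender, or None."""
    addr = envelope_from.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    if not at or not local:
        return None  # null sender "<>" or malformed address
    # DNS names are case-insensitive and may carry a trailing root dot.
    domain = domain.strip().rstrip(".").lower()
    return domain or None


def decide(envelope_from, allowed=ALLOWED_TENANTS):
    """Return 'allow', 'reject' or 'no-match' for one envelope sender."""
    domain = sender_domain(envelope_from)
    # Match on a label boundary so "notonmicrosoft.com" and
    # "onmicrosoft.com.example.net" are left to other rules.
    if domain is None or not domain.endswith("." + PARENT):
        return "no-match"
    # Exact match only: a deeper name under an allowed tenant is still rejected.
    return "allow" if domain in allowed else "reject"


# Constructed sample senders, not taken from real traffic.
SAMPLES = [
    "<billing@Partner-Example.OnMicrosoft.com.>",
    "invoice@random123.onmicrosoft.com",
    "a@mail.partner-example.onmicrosoft.com",
    "a@onmicrosoft.com.example.net",
    "a@notonmicrosoft.com",
    "<>",
]


def evaluate(samples=SAMPLES):
    """Return (sender, verdict) pairs for a list of envelope senders."""
    return [(s, decide(s)) for s in samples]


if __name__ == "__main__":
    for sender, verdict in evaluate():
        print(f"{verdict:9} {sender}")
```
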