nanog mailing list archives
Re: registry for onmicrosoft[dot]com
From: "Jeff Leung \(List Account\) via NANOG" <nanog () nanog org>
Date: Tue, 12 Mar 2024 00:44:13 +0000
That’s the default domain for Exchange Online and Microsoft Azure AD identities. If the tenant is branded, it may show which company or organization that the onmicrosoft.com domain is associated to when someone tries to login to it with an application that is using Azure AD for SAML/OpenID connect. In the context for Exchange Online, the onmicrosoft.com domain can be used as a routing mail domain if someone is still running a hybrid Exchange deployment in this age… In any case, Microsoft has a trust and safety team you can talk to if it is causing issues… ________________________________ From: NANOG <nanog-bounces+nanoglist=v10networks.ca () nanog org> on behalf of Jay Acuna <mysidia () gmail com> Sent: Saturday, March 9, 2024 8:26:44 AM To: Travis Garrison <tgarrison () netviscom com> Cc: nanog () nanog org <nanog () nanog org> Subject: Re: registry for onmicrosoft[dot]com CAUTION: External Sender On Sat, Mar 9, 2024 at 8:11 AM Travis Garrison <tgarrison () netviscom com> wrote:
This would be a company that has registered for an office365 account.
Office 365 company accounts are registered as companyname [dot] onmicrosoft [dot] com.
The "companyname" part is evidently Not reliable. Often the name [dot] onmicrosoft [dot] com is unrelated to Any recognizable business or company name. Companies can generate extra onmicrosoft[dot]com domain names. Possibly an existing tenant for some unrelated company could add nanog[dot]onmicrosoft[dot]com and change it to their default domain, if they wanted. Even if it were; the information could be tampered with on a compromised tenant where the spammers simply change the names after breaching the tenant. Likewise spammers might use robots to Signup for 365 services online, and that there's little verification a requestor's Name and Company name exist beyond the ability to charge whatever stolen payment method was provided by the spammer. Because it behaves like a dynamic domain; with very low friction for scammers to generate new ones quickly. It seems that Refusing all mail from subdomains of that domain by default Other than specific ones you whitelist would be a good policy.
You then add domain aliases if you want to use your own preferred domain name.
Thanks Travis
-- -JH
Current thread:
- registry for onmicrosoft[dot]com Nicholas Warren (Mar 07)
- Re: registry for onmicrosoft[dot]com Mark Foster (Mar 07)
- Re: registry for onmicrosoft[dot]com Dan Sneddon (Mar 08)
- Re: registry for onmicrosoft[dot]com Robert Schoneman via NANOG (Mar 08)
- Re: registry for onmicrosoft[dot]com Sean Donelan (Mar 08)
- RE: registry for onmicrosoft[dot]com Travis Garrison (Mar 08)
- RE: registry for onmicrosoft[dot]com Sean Donelan (Mar 08)
- RE: registry for onmicrosoft[dot]com Jon Lewis (Mar 08)
- Re: registry for onmicrosoft[dot]com Jay Acuna (Mar 09)
- Re: registry for onmicrosoft[dot]com Jeff Leung (List Account) via NANOG (Mar 12)
- Re: registry for onmicrosoft[dot]com Sean Donelan (Mar 12)
- Re: registry for onmicrosoft[dot]com John Levine (Mar 12)
- Re: registry for onmicrosoft[dot]com Sean Donelan (Mar 19)
- Re: registry for onmicrosoft[dot]com John R. Levine (Mar 19)
- Re: registry for onmicrosoft[dot]com Sean Donelan (Mar 19)
- Re: registry for onmicrosoft[dot]com John R. Levine (Mar 19)
- RE: registry for onmicrosoft[dot]com Sean Donelan (Mar 08)
- Re: registry for onmicrosoft[dot]com Mark Foster (Mar 07)