Onmicrosoft domains are a spammer's "pot o' gold", something that was raised just recently by a partner of mine regarding spam.
Introduction to OnMicrosoft
For those who do not know, every Microsoft 365 email customer (and Microsoft "cloud" tenant in general) has an onmicrosoft.com domain; it is how web traffic and other requests know where to route your request as a Microsoft customer.
This domain is always of the form Something.onmicrosoft.com, with the "something" being a seemingly random character string.
You can always connect to your tenant using the onmicrosoft.com address to test this out, unless there is some DNS filtering going on.
The smart ones in the room can already see that every Microsoft 365 customer having an @Something.onmicrosoft.com address would get pretty confusing and not very brand-aware – except in Vietnam, where most businesses still use a @gmail.com address!
Luckily DNS has us covered here, and has done for a very long time, through an alias or CNAME record: it lets Kicksec.io be the friendly domain name in use while all requests for Kicksec.io, including email, are directed to Kicksec.onmicrosoft.com instead.
The problem
When organisations set up their new M365 domains and correctly configure their email to use their nice and shiny custom domain, the original onmicrosoft.com email addresses can still exist behind the scenes. This leaves all sorts of possibilities open: you may have set up your email security through DMARC (with DKIM and SPF) for kicksec.io emails but done nothing at all for kicksec.onmicrosoft.com.

This can lead to spammers using your domain for nefarious purposes, which will damage your "reputation" for emailing. That matters a great deal now, with both Yahoo and Google seriously blocking emails from bad-reputation domains to lower the number of spam messages.
Solution
The solution here is an easy one, and it pays to configure this as soon as you can: first, it will give you peace of mind that your email domains are not being used by spammers, and second, it will help ensure that you don't end up on a block list. There are many resources to assist here, and here is one that I like to recommend.
As always, please reach out here if you have any questions and, as always, "stay safe from cyber crime"!
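As an added illustration (not code from the original post), here is a small Python audit that checks whether both the branded domain and the onmicrosoft.com domain behind it publish SPF, DMARC and DKIM, and reports the gap the post describes. The zone data is constructed for the example (the kicksec.io and kicksec.onmicrosoft.com names follow the post, the record contents are made up), and checking the selector1/selector2 DKIM selectors is an assumption about which selectors to look for.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample zone data: DNS name -> list of TXT strings.
# These are made-up records for illustration, not live DNS answers.
SAMPLE_TXT: Dict[str, List[str]] = {
    "kicksec.io": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.kicksec.io": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@kicksec.io"],
    "selector1._domainkey.kicksec.io": ["v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"],
    # The tenant's onmicrosoft.com name only has a soft-fail SPF and no DMARC or DKIM:
    # exactly the gap the post describes.
    "kicksec.onmicrosoft.com": ["v=spf1 include:spf.protection.outlook.com ~all"],
}

# DKIM selectors to check (assumed: the selector names Microsoft 365 uses)
M365_DKIM_SELECTORS = ("selector1", "selector2")


@dataclass
class DomainReport:
    domain: str
    spf_all: Optional[str]        # qualifier on SPF 'all': '-', '~', '?', '+', 'missing', or None (no SPF)
    dmarc_policy: Optional[str]   # DMARC p= value, or None when no _dmarc record exists
    dkim_selectors: List[str] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def lookup_txt(zone: Dict[str, List[str]], name: str) -> List[str]:
    """Offline stand-in for a DNS TXT query; swap in a real resolver for live checks."""
    return zone.get(name.lower(), [])


def parse_spf(records: List[str]) -> Optional[str]:
    """Return the qualifier of the 'all' mechanism in the first SPF record, or None if no SPF."""
    for rec in records:
        if rec.strip().lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", rec.strip(), re.IGNORECASE)
            if not m:
                return "missing"        # no 'all' term: SPF ends in an implicit neutral result
            return m.group(1) or "+"    # a bare 'all' means '+all'
    return None


def parse_dmarc(records: List[str]) -> Optional[str]:
    """Return the DMARC policy tag (p=) from the first DMARC record, or None if absent."""
    for rec in records:
        if rec.strip().lower().startswith("v=dmarc1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip().lower()
            return tags.get("p", "none")
    return None


def audit_domain(domain: str, zone: Dict[str, List[str]]) -> DomainReport:
    """Audit SPF, DMARC and DKIM publication for one sending domain."""
    spf_all = parse_spf(lookup_txt(zone, domain))
    dmarc_policy = parse_dmarc(lookup_txt(zone, f"_dmarc.{domain}"))
    dkim = [s for s in M365_DKIM_SELECTORS
            if any(r.strip().lower().startswith("v=dkim1")
                   for r in lookup_txt(zone, f"{s}._domainkey.{domain}"))]
    report = DomainReport(domain, spf_all, dmarc_policy, dkim)

    if spf_all is None:
        report.findings.append("no SPF record: any host may claim to send for this domain")
    elif spf_all in ("+", "?", "missing"):
        report.findings.append(f"SPF does not fail unauthorised senders (qualifier {spf_all!r})")
    elif spf_all == "~":
        report.findings.append("SPF soft-fails (~all); receivers may still deliver spoofed mail")

    if dmarc_policy is None:
        report.findings.append("no DMARC record: receivers cannot enforce alignment or report abuse")
    elif dmarc_policy == "none":
        report.findings.append("DMARC p=none only monitors; move to quarantine or reject")

    if not dkim:
        report.findings.append("no DKIM selector published: outbound mail cannot be signed/verified")
    return report


def audit_tenant(custom_domain: str, tenant_domain: str, zone: Dict[str, List[str]]) -> List[DomainReport]:
    """Audit both the branded domain and the onmicrosoft.com domain that sits behind it."""
    return [audit_domain(custom_domain, zone), audit_domain(tenant_domain, zone)]


if __name__ == "__main__":
    for rep in audit_tenant("kicksec.io", "kicksec.onmicrosoft.com", SAMPLE_TXT):
        status = "OK" if not rep.findings else f"{len(rep.findings)} finding(s)"
        print(f"{rep.domain}: SPF all={rep.spf_all} DMARC p={rep.dmarc_policy} "
              f"DKIM={rep.dkim_selectors} -> {status}")
        for f in rep.findings:
            print(f"  - {f}")
```

Run against the constructed zone, the branded domain comes back clean while the onmicrosoft.com domain produces three findings (soft-fail SPF, no DMARC, no DKIM). The point of auditing both names together is that a review which only looks at the custom domain will report everything as fine and miss the second sending identity entirely.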