Mailing List Archive

Subdomain of a Microsoft domain name associated with a Microsoft
product? Microsoft would be the only 'registry'. Perhaps ask them?

It'd be a great thing, but i'm pretty sure it doesn't exist for public
consumption.

(would love to be proven wrong!)

On 8/03/2024 9:26 am, Nicholas Warren wrote:
>
> Is there a registry we can search to find the company behind a certain
> $domain [dot]onmicrosoft[dot] com domain?
>
> Thanks,
>
> Nich Warren
>

OSINT (aadinternals.com)<https://aadinternals.com/osint/>

________________________________
From: NANOG <nanog-bounces+rschoneman=blumenthalarts.org@nanog.org> on behalf of Nicholas Warren <nwarren@barryelectric.com>
Sent: Thursday, March 7, 2024 3:26 PM
To: nanog@nanog.org <nanog@nanog.org>
Subject: registry for onmicrosoft[dot]com

Is there a registry we can search to find the company behind a certain $domain [dot]onmicrosoft[dot] com domain? Thanks, Nich Warren ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
[cid:inky-injection-inliner-6f42d488d348cfcd86bff9497caf9f6a]
External (nwarren@barryelectric.com<mailto:nwarren@barryelectric.com>)
[cid:inky-injection-inliner-e139fa47ec195211cc9c6021e1c5e710]
Report This Email<https://protection.inkyphishfence.com/report?id=Ymx1bWVudGhhbC9yc2Nob25lbWFuQGJsdW1lbnRoYWxhcnRzLm9yZy9iYTcxOWNkYjEyZTI1Njg5YjQ3Mzc3NTUyMGUyZjk2Ni8xNzA5ODQzMzUxLjU=#key=d13e454769a7dd28969703ad622a83ab> FAQ<https://www.inky.com/banner-faq> Protection by INKY<https://www.inky.com/protection-by-inky>


Is there a registry we can search to find the company behind a certain $domain [dot]onmicrosoft[dot] com domain?



Thanks,

Nich Warren

The subdomain[dot]onmicrosoftp[dot]com domain seems to be almost 99%
spammers riding on Microsoft's reputation. I've given up on any real
email from those subdomains, and just block it completely.

Reputable companies using Microsoft cloud mail usually have their own
registered domains as return addresses.


On Thu, 7 Mar 2024, Nicholas Warren wrote:
> Is there a registry we can search to find the company behind a certain
> $domain [dot]onmicrosoft[dot] com domain?

Nope, almost certainly a bad actor who has registered a similar-sounding domain name in advance of launching some sort of cyberattack.

-DXS

> On Mar 7, 2024, at 2:08?PM, Mark Foster <blakjak@blakjak.net> wrote:
>
> ?
> Subdomain of a Microsoft domain name associated with a Microsoft product? Microsoft would be the only 'registry'. Perhaps ask them?
>
> It'd be a great thing, but i'm pretty sure it doesn't exist for public consumption.
>
> (would love to be proven wrong!)
>
> On 8/03/2024 9:26 am, Nicholas Warren wrote:
>> Is there a registry we can search to find the company behind a certain $domain [dot]onmicrosoft[dot] com domain?
>>
>> Thanks,
>> Nich Warren

This would be a company that has registered for an office365 account. Office 365 company accounts are registered as companyname [dot] onmicrosoft [dot] com. You then add domain aliases if you want to use your own preferred domain name.

Thanks
Travis

From: NANOG <nanog-bounces+tgarrison=netviscom.com@nanog.org> On Behalf Of Nicholas Warren
Sent: Thursday, March 7, 2024 2:26 PM
To: nanog@nanog.org
Subject: registry for onmicrosoft[dot]com

Is there a registry we can search to find the company behind a certain $domain [dot]onmicrosoft[dot] com domain?

Thanks,
Nich Warren

On Sat, 9 Mar 2024, Travis Garrison wrote:
> This would be a company that has registered for an office365 account. Office
> 365 company accounts are registered as companyname [dot] onmicrosoft [dot]
> com. You then add domain aliases if you want to use your own preferred
> domain name.

Microsoft "Know Your Customer"

Just a sampling of company names used for an office365 account.

n8uob4m[dot]onmicrosoft[dot]com
xenfx49[dot]onmicrosoft[dot]com
x1s2026[dot]onmicrosoft[dot]com
x109629[dot]onmicrosoft[dot]com
imojr5xnv0kp[dot]onmicrosoft[dot]com
x8v3o2f[dot]onmicrosoft[dot]com
xe9tb4w[dot]onmicrosoft[dot]com
x3xhw44[dot]onmicrosoft[dot]com
xbsyucm[dot]onmicrosoft[dot]com
plainhasga[dot]onmicrosoft[dot]com
hwmaevdc[dot]onmicrosoft[dot]com
xd2tvml[dot]onmicrosoft[dot]com

On Fri, 8 Mar 2024, Sean Donelan wrote:

> On Sat, 9 Mar 2024, Travis Garrison wrote:
>> This would be a company that has registered for an office365 account.
>> Office
>> 365 company accounts are registered as companyname [dot] onmicrosoft [dot]
>> com. You then add domain aliases if you want to use your own preferred
>> domain name.
>
> Microsoft "Know Your Customer"
>
> Just a sampling of company names used for an office365 account.
>
> n8uob4m[dot]onmicrosoft[dot]com
> xenfx49[dot]onmicrosoft[dot]com

header onmicrosoft_spammer From =~ /<\S+\@\S+\.onmicrosoft\.com>/
score onmicrosoft_spammer 15
describe onmicrosoft_spammer Reject mail from Microsoft spammer obfuscation service

After a bit of whack-a-mole with spam coming from various onmicrosoft.com
sub-domains, I arrived at the above, and haven't noticed any negative
effects.

----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Blue Stream Fiber, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

On Sat, Mar 9, 2024 at 8:11?AM Travis Garrison <tgarrison@netviscom.com> wrote:
>
> This would be a company that has registered for an office365 account.

> Office 365 company accounts are registered as companyname [dot] onmicrosoft [dot] com.

The "companyname" part is evidently Not reliable. Often the name
[dot] onmicrosoft [dot] com is unrelated
to Any recognizable business or company name.

Companies can generate extra onmicrosoft[dot]com domain names.
Possibly an existing tenant for some unrelated company could add
nanog[dot]onmicrosoft[dot]com
and change it to their default domain, if they wanted.

Even if it were; the information could be tampered with on a compromised tenant
where the spammers simply change the names after breaching the tenant.

Likewise spammers might use robots to Signup for 365 services online, and
that there's little verification a requestor's Name and Company name exist
beyond the ability to charge whatever stolen payment method was
provided by the spammer.

Because it behaves like a dynamic domain; with very low friction for
scammers to
generate new ones quickly. It seems that Refusing all mail from subdomains of
that domain by default Other than specific ones you whitelist would
be a good policy.


> You then add domain aliases if you want to use your own preferred domain name.

> Thanks
> Travis
--
-JH

That’s the default domain for Exchange Online and Microsoft Azure AD identities. If the tenant is branded, it may show which company or organization that the onmicrosoft.com domain is associated to when someone tries to login to it with an application that is using Azure AD for SAML/OpenID connect.

In the context for Exchange Online, the onmicrosoft.com domain can be used as a routing mail domain if someone is still running a hybrid Exchange deployment in this age…

In any case, Microsoft has a trust and safety team you can talk to if it is causing issues…
________________________________
From: NANOG <nanog-bounces+nanoglist=v10networks.ca@nanog.org> on behalf of Jay Acuna <mysidia@gmail.com>
Sent: Saturday, March 9, 2024 8:26:44 AM
To: Travis Garrison <tgarrison@netviscom.com>
Cc: nanog@nanog.org <nanog@nanog.org>
Subject: Re: registry for onmicrosoft[dot]com

CAUTION: External Sender


On Sat, Mar 9, 2024 at 8:11?AM Travis Garrison <tgarrison@netviscom.com> wrote:
>
> This would be a company that has registered for an office365 account.

> Office 365 company accounts are registered as companyname [dot] onmicrosoft [dot] com.

The "companyname" part is evidently Not reliable. Often the name
[dot] onmicrosoft [dot] com is unrelated
to Any recognizable business or company name.

Companies can generate extra onmicrosoft[dot]com domain names.
Possibly an existing tenant for some unrelated company could add
nanog[dot]onmicrosoft[dot]com
and change it to their default domain, if they wanted.

Even if it were; the information could be tampered with on a compromised tenant
where the spammers simply change the names after breaching the tenant.

Likewise spammers might use robots to Signup for 365 services online, and
that there's little verification a requestor's Name and Company name exist
beyond the ability to charge whatever stolen payment method was
provided by the spammer.

Because it behaves like a dynamic domain; with very low friction for
scammers to
generate new ones quickly. It seems that Refusing all mail from subdomains of
that domain by default Other than specific ones you whitelist would
be a good policy.


> You then add domain aliases if you want to use your own preferred domain name.

> Thanks
> Travis
--
-JH

Microsoft's corporate email systems appear to silently drop email from
small domains (like mine). Yes, I jumped through the public hoops already.
Microsoft may have a great Trust and Safety Team, but their corporate
infrastructure doesn't seem to want to hear from outsiders.

If the increasing bad reputation of *.onmicrosoft.com eventually causes
sales/customer impact, then Microsoft's business decision makers may take
an interest in fixing it.

If enough people just block *.onmicrosoft.com, it may finally get
enough attention inside Microsoft to fix.

On Tue, 12 Mar 2024, Jeff Leung (List Account) via NANOG wrote:
> In any case, Microsoft has a trust and safety team you can talk to if it is
> causing issues…

It appears that Sean Donelan <sean@donelan.com> said:
>
>Microsoft's corporate email systems appear to silently drop email from
>small domains (like mine).

It can't be that simple -- I have some tiny domains and correspond with
Microsoft employees all the time.

R's,
John

Yep, just had another one. Email to local election office silently
vanishes because it uses Office365 Cloud email.

Needed to use Gmail instead.


On Tue, 12 Mar 2024, John Levine wrote:
> It appears that Sean Donelan <sean@donelan.com> said:
>>
>> Microsoft's corporate email systems appear to silently drop email from
>> small domains (like mine).
>
> It can't be that simple -- I have some tiny domains and correspond with
> Microsoft employees all the time.
>
> R's,
> John
>

> Yep, just had another one. Email to local election office silently
> vanishes because it uses Office365 Cloud email.

I believe they're throwing your mail away, but it's not just because
you're small. Like I said, I'm just as small and my mail gets there OK.

>
> Needed to use Gmail instead.
>
>
> On Tue, 12 Mar 2024, John Levine wrote:
>> It appears that Sean Donelan <sean@donelan.com> said:
>>>
>>> Microsoft's corporate email systems appear to silently drop email from
>>> small domains (like mine).
>>
>> It can't be that simple -- I have some tiny domains and correspond with
>> Microsoft employees all the time.
>>
>> R's,
>> John
>>
>
>

Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Microsoft is the only mail provider that exhibits this behiavor. And I've
heard the same thing from other people using small domains.

The Microsoft autobot response a few years ago said "the domain didn't
send enough emails." I don't know why I would send more emails to a
provider which doesn't deliver them.

Maybe Microsoft has reasons, but no customer service answer.

Gmail, Yahoo, and others don't have a problem.

Maybe Microsoft allows your small domain as an exception? In the mean
time, use Gmail or another cloud provider to get your email.


On Tue, 19 Mar 2024, John R. Levine wrote:
>> Yep, just had another one. Email to local election office silently
>> vanishes because it uses Office365 Cloud email.
>
> I believe they're throwing your mail away, but it's not just because you're
> small. Like I said, I'm just as small and my mail gets there OK.

> Maybe Microsoft allows your small domain as an exception? In the mean time,
> use Gmail or another cloud provider to get your email.

It may be because I have a few mailing lists that keep the volume up
enough to avoid falling off their radar.

It's kind of ironic that MS throws people's mail away since they send far
more mail that recipients want to throw away than either of their large
competitors. I've set up special filters that send everything from MS to
the spam trap if it's not on a static whitelist.

Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly