MOERA domains for email
When a organization creates a new tenant in Microsoft 365, an onmicrosoft.com domain (or similar default domain like onmicrosoft.de) is provided. These MOERA (Microsoft Onli...
Updated Aug 28, 2025
Version 4.0
Blog Post
Thank you for the announcement and timeline(although odd I do not find an MC post for this non-trivial change), a few initial concerns do pop to mind though.
- Will this change impact External Postmaster emails?
That is by default set to mailto:postmaster@defaultDomain, which without Admin customization is initialDomain.onmicrosoft.com MOERA domain
NDR will also contain initial email attached, if the initial email has malicious content or simply a malicious domain in headers, this could have adverse impact on the external postmaster domain reputation. - How are MOERA domains relevant for https://learn.microsoft.com/en-us/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide?
This feature refers to switching from default Microsoft Domains used to send automated service communications to an Organization Domain.
Based on my experience, I can't think of any of these notifications being sent from *@InitialDomain.onmicrosoft.com.
This change is only about throttling outbound traffic, so presumably SRS would be applied for all such emails being redirected to external recipients, so this to my mind with circle back to updating default domain to be an organization owned domain.
Also, updating default notification domain for a large organization is not a straightforward task, cannot begin to think how many pieces of automation that rely on email could start to break when changing the sender of these emails. - Default Domain always used for SRS, we cannot fully control quality of emails we autoforward.
What we autoforward does not go through entire filtering stack, so presumably our Default Domain reputation could be impacted based on traffic we cannot fully control.
Should there recommendation here be that the default domain is not actually the main organization domain? - If this change is meant to crack down in Spammers abusing trial tenants, why will this be enforced for organizations with over 10k EXO Subscriptions?
SeanMSFT
Microsoft
MicrosoftThank you alexandruliviunita for the detailed write up.
- NDRs are sent with a P1 Mail From address set to Null. Those messages messages would not be subject to this throttling. While we cannot comment on how 3rd parties determine reputation, but hopefully they had taken steps not to be gamed by that backscatter attack. That said, customers should change any instances where their onmicrosoft.com domains are used including External Postmaster address for completeness.
- For the Microsoft Notifications from your own domain, 1) As part of the overall effort to move away from using MOERA domains, customers should make sure the address is one using their custom domain, and 2) SRS will not be triggered for messages forwarded externally for these domains because the domain is still one attached to your organization. SRS only rewrites external addresses.
- That is an interesting point. If you are worried about affecting reputation through forwarding, then you would need to register a separate customer domain to take the place of your onmicrosoft.com domain and keep the isolation you seek. I've never heard of forwarding having an effect of reputation and there are mechanisms such as ARC which we support that may help 3rd parties avoid punishing you for forwarded mail.
- This is not just about tackling spammers and we want to encourage all customers to take responsibility for their own branding and reputation.