The DMARC record is used to authenticate mail to ensure that the message is not fraudulent. More about mail authentication in Office 365 in my other article How to secure your email with SPF, DKIM and DMARC.

But did you know that you can also set a DMARC record for the default domain, the so-called MOERA (Microsoft Online Email Routing Address) domain?

Create DMARC record for your domain

Go to the Microsoft 365 Admin Center and select Settings – Domains from the left menu. Open your MOERA domain with the domain extension in the domain list.

Switch to the DNS records tab and add a new DNS record of type TXT. Set the record name to _dmarc and set the value to v=DMARC1; p=reject; pct=100.

You can add other options to the DMARC record value, such as where to send reports, etc. More in my article linked above. But this provided basis is sufficient. This protects your MOERA domain from spoofing.