The DMARC record is used to authenticate mail to ensure that the message is not fraudulent. More about mail authentication in Office 365 in my other article How to secure your email with SPF, DKIM and DMARC.
But did you know that you can also set a DMARC record for the default onmicrosoft.com domain, the so-called MOERA (Microsoft Online Email Routing Address) domain?
Create DMARC record for your onmicrosoft.com domain
Go to the Microsoft 365 Admin Center and select Settings – Domains from the left menu. Open your MOERA domain with the domain extension onmicrosoft.com in the domain list.
Switch to the DNS records tab and add a new DNS record of type TXT. Set the record name to
_dmarc and set the value to
v=DMARC1; p=reject; pct=100.
You can add other options to the DMARC record value, such as where to send reports, etc. More in my article linked above. But this provided basis is sufficient. This protects your MOERA domain from spoofing.