Microsoft has issued a significant advisory to organizations utilizing the onmicrosoft.com domain for their email communications. The tech giant is urging these companies to transition to a custom domain or risk facing email throttling, a move that could disrupt their operations.
Some opt to stick with the onmicrosoft.com domain, and these impending changes could have a severe impact …
Starting October 15, Microsoft will implement restrictions that limit email delivery to 100 external recipients per organization within a rolling 24-hour window. This initiative will roll out progressively, beginning with tenants that have fewer than three seats and extending to those with over 10,001 seats by June 2026.
The motivation behind this policy shift stems from the increasing exploitation of the onmicrosoft.com domain by spammers. These malicious actors can create new tenants and rapidly dispatch spam emails before Microsoft can take action, which ultimately tarnishes the reputation of this shared domain. As Microsoft articulates, such activities “degrade this shared domain’s reputation.”
The onmicrosoft.com domain, along with similar domains like onmicrosoft.de, is automatically assigned when a new Microsoft 365 tenant is established. This setup allows administrators to swiftly test connectivity and create users. However, the expectation is that organizations will subsequently adopt their own custom domains. Unfortunately, some organizations have chosen to remain with the onmicrosoft.com domain, putting them at risk of the impending changes.
Organizations currently relying on a Microsoft Online Email Routing Address (MOERA) domain are now on notice that a migration is imperative. They must secure a custom domain, ensure that non-test emails exclusively utilize this new domain, and change the tenant’s default domain from the MOERA to the custom domain. Additionally, mailboxes will require updates to their primary SMTP addresses to reflect the custom domain alias. This adjustment may lead to complications, particularly if altering the primary SMTP address affects the username, necessitating credential updates across various devices and applications.
While Microsoft’s intentions behind these changes are commendable, they may inadvertently increase the workload for administrators already managing a range of products nearing the end of their support cycles, including several versions of Windows 10. Organizations still using a MOERA domain must carefully incorporate this migration into their planning to avoid encountering the new email limits.
