Why is Microsoft allowing Randomly-Generated Domain Names for Spamming / How to Address?

Anonymous
2023-09-20T17:09:46+00:00

Our IT team is battling a wave of phishing emails that is inundating users with nonstop "offers" of free gifts purportedly coming from Kohl's, Lowe's, etc. Since we have blocked their .bond and .live domains, the attackers have switched to using randomly-generated domain names from onmicrosoft.com. For example, ygthjgfhjfghf9.onmicrosoft.com. As soon as we block one specific subdomain, the attackers switch to a new one.

Microsoft, can you please work on blocking randomly-generated domains just being used for spamming?

Or, does anyone have any suggestions for selectively blocking domains that may have a legitimate purpose, but have malicious subdomains?

Outlook | Web | Outlook on the web for business | Security

This question was migrated from the Microsoft Support Community.

3 answers

  1. Ron-6928 4,991 Reputation points
    2023-09-20T17:38:25+00:00

    Defender 365? Sounds like an additional subscription that I don't have. Sorry I have no solution.
  2. Anonymous
    2023-09-20T17:24:20+00:00

    No, Microsoft's default spam filters aren't catching all of them. Some go to junk, but other times they go to the "Other" tab in the new Outlook client. We are setting up custom filters and blacklists in Windows Defender/Outlook settings for the entire organization to stop the emails from coming in at all, but blacklists can't beat randomly-generated subdomains when you want to allow the domain through.
  3. Ron-6928 4,991 Reputation points
    2023-09-20T17:19:22+00:00

    I'm curious, what do you mean by "blocking"? I'm seeing no option in Exchange Online to block spam. I can only mark them as spam, but they still arrive in the Junk folder. Another question that I have is, where do they get delivered to? Inbox or Junk folder? SPF/DMARC/DKIM should've caught and placed them into the Junk folder.
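
One way to approach the selective blocking asked about in the question, as an added example (not code from the thread or from Microsoft): treat `onmicrosoft.com` senders as untrusted by default, allow only the tenants you know, and score the rest for generated-looking names. The allowlisted tenant names, thresholds and verdict strings are assumptions, and the sample senders are constructed apart from the domain quoted in the question.

```python
import re

SUFFIX = ".onmicrosoft.com"
# Assumption: tenants you actually correspond with (constructed names).
ALLOWED_TENANTS = {"contosopartners", "fabrikamsupply"}
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def tenant_label(sender):
    """Return the part left of .onmicrosoft.com, or None for other domains."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if not domain.endswith(SUFFIX):
        return None  # also rejects look-alikes such as evil-onmicrosoft.com
    return domain[: -len(SUFFIX)] or None


def looks_generated(label):
    """Heuristic: keyboard-mash labels have few vowels or long consonant runs.
    The thresholds (8, 0.2, 6) are assumptions to tune on your own mail."""
    letters = [c for c in label if c.isalpha()]
    if len(letters) < 8:
        return False  # too short to judge
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_run = max(map(len, CONSONANT_RUN.findall(label)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 6


def verdict(sender):
    """Allowlist first; unknown tenants are quarantined or sent for review."""
    label = tenant_label(sender)
    if label is None:
        return "not-onmicrosoft"  # leave to the normal filtering pipeline
    if label in ALLOWED_TENANTS:
        return "allow"
    return "quarantine" if looks_generated(label) else "review"


# Constructed sample senders (first domain is the one quoted in the question).
SAMPLE_SENDERS = [
    "offers@ygthjgfhjfghf9.onmicrosoft.com",
    "billing@contosopartners.onmicrosoft.com",
    "info@northwindtraders.onmicrosoft.com",
    "news@evil-onmicrosoft.com",
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"{verdict(s):16} {s}")
```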