The domain is valid - that's part of the current trend to consolidate Microsoft domains using the .microsoft top-level domain. More at https://learn.microsoft.com/en-us/microsoft-365/enterprise/cloud-microsoft-domain?view=o365-worldwide
'Dot brand' top-level domains like .microsoft enhance security, trustworthiness, and integrity. Microsoft has exclusive rights to the .microsoft top-level domain, enabling enhanced security protocols and governance controls to be applied across the entire domain hierarchy, starting from the top level. All experiences on the .microsoft domain are guaranteed to be legitimate and authentic, as Microsoft is the registry operator and sole registrant.
However, this does NOT imply that the email is legitimate.
First, Microsoft does not commonly send consumer or business security notifications from a bare security.microsoft address. Official Microsoft emails typically come from domains like microsoft.com, account.microsoft.com, microsoftsupport.com, or other well-established subdomains.
Second, the subject line you described — “OutlookSecurity-SecurityTrigger [token:-o365@auth-node] 9389kr” — is a major red flag. That format looks machine-generated in a way that mimics internal security systems, but legitimate Microsoft emails do not use random token strings and unusual formatting like that in subject lines. Phishing emails often include technical-sounding strings to appear authentic.
Third, attackers can spoof the visible “From” address. What you see in your email client is not proof that the message actually originated from Microsoft. Without checking full email headers (SPF, DKIM, DMARC authentication results), you can’t rely on the display address alone.
Fourth, even though .microsoft is a controlled dot-brand TLD, that does not prevent:
- Spoofed display names
- Compromised third-party mail systems
- Look-alike domains (for example security-microsoft.com)
- Forwarded phishing emails where the visible sender looks legitimate
Given the suspicious subject line and the unusual sending domain, your instinct that it’s not legitimate is very reasonable.
What you should do:
- Do not click any links in the email.
- Do not download attachments.
- Instead, manually go to https://account.microsoft.com or log into Outlook directly through your browser.
- Check your account activity there.
- If the email claims account compromise, verify via the official Microsoft Security page, not via the email link.
If you want to be more certain, you can check the full email headers and look for authentication results showing “SPF: pass,” “DKIM: pass,” and “DMARC: pass” for a Microsoft-controlled domain. If those fail or reference a non-Microsoft sending server, it’s phishing.
Based on what you’ve described, this strongly looks like a phishing attempt rather than a legitimate Microsoft security alert.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
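The header check described in the answer above can be scripted; this is an added example, not part of the original answer and not Microsoft code. It reads only the `Authentication-Results` header stamped by the reader's own receiving server (the hypothetical `mx.example.net`), and the `TRUSTED_SUFFIXES` list, the `alerts@` address, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: suffixes the reader treats as Microsoft-controlled; adjust as needed.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoft")

def is_under(domain, suffixes=TRUSTED_SUFFIXES):
    """True only for an exact match or a true subdomain (label boundary)."""
    domain = domain.lower().rstrip(".")
    return any(domain == s or domain.endswith("." + s) for s in suffixes)

def check_auth(raw, authserv_id):
    """Return (verdict, results) using only the receiver-stamped header."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = " ".join(value.split()).partition(";")
        # Trust only the header added by our own receiving server (its
        # authserv-id); a sender can insert any other copy.
        if (server.split() or [""])[0].lower() != authserv_id.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, result.lower())
    passed = all(results.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    if not passed:
        return "suspicious", results
    if is_under(from_domain):
        return "authenticated", results
    return "authenticated-but-not-microsoft", results

def sample(from_addr, ar_values):
    """Build a constructed message for the demo (not a real email)."""
    head = [f"Authentication-Results: {v}" for v in ar_values]
    head += [f"From: Microsoft Security <{from_addr}>", "Subject: demo", "", "x"]
    return "\n".join(head)

if __name__ == "__main__":
    spoofed = sample("alerts@security.microsoft", [
        "mx.example.net; spf=fail smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail",
        "relay.example.org; spf=pass; dkim=pass; dmarc=pass",  # sender-inserted
    ])
    print(check_auth(spoofed, "mx.example.net"))
```

A message from the look-alike `security-microsoft.com` can pass all three checks for its own domain, which is why the verdict also tests the From domain against the trusted suffixes.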