What the heck is contoso.com? Have you seen this domain show up in your email lists or customer database? I recently noticed this domain showing up in the DMARC reporting configuration for almost 50 different domains.
Is it valid for email? Doubtful. It does have an MX record, and you can connect to it, but it seems to defer attempts to send mail to various addresses there with an error: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions.
This is an example domain owned by Microsoft, used instead of "example.com" in various documentation. A number of non-technically-savvy folks blindly copied and pasted this domain into their DMARC records, because it shows up in at least one DMARC record configuration example.
And as far as marketing senders are confirmed, because there are no seemingly legitimate references online to mailboxes at this domain, and the domain does not represent a real brand or company, it's safe to block any attempts to send email to it.
As I mentioned above, this domain (and subdomains rua.contoso.com and ruf.contoso.com) appear in just about 50 different DMARC records for various domains, found when scanning the top ten million domains, and I suspect, even more less popularly ranked domains. These DMARC records are malformed; since contoso.com isn't a DMARC reporting system, you shouldn't use contoso.com in a reporting address (RUA or RUF) in your DMARC record. And the subdomains ruf.contoso.com and rua.contoso.com (also found in example DMARC records) do not exist in DNS. DMARC record checkers, you might want to watch for and warn users, if you find this domain embedded in any DMARC record checked.
What the heck is contoso.com? Have you seen this domain show up in your email lists or customer database? I recently noticed this domain showing up in the DMARC reporting configuration for almost 50 different domains.
Is it valid for email? Doubtful. It does have an MX record, and you can connect to it, but it seems to defer attempts to send mail to various addresses there with an error: 451 4.4.4 Mail received as unauthenticated, incoming to a recipient domain configured in a hosted tenant which has no mail-enabled subscriptions.
This domain only shows up in various Microsoft support documents explaining how to configure different things for your domain (like DMARC here), and many admins and users have confirmed that it is a demo domain, because Contoso is a fictional company used in Microsoft documentation.
This is an example domain owned by Microsoft, used instead of "example.com" in various documentation. A number of non-technically-savvy folks blindly copied and pasted this domain into their DMARC records, because it shows up in at least one DMARC record configuration example.
And as far as marketing senders are confirmed, because there are no seemingly legitimate references online to mailboxes at this domain, and the domain does not represent a real brand or company, it's safe to block any attempts to send email to it.
As I mentioned above, this domain (and subdomains rua.contoso.com and ruf.contoso.com) appear in just about 50 different DMARC records for various domains, found when scanning the top ten million domains, and I suspect, even more less popularly ranked domains. These DMARC records are malformed; since contoso.com isn't a DMARC reporting system, you shouldn't use contoso.com in a reporting address (RUA or RUF) in your DMARC record. And the subdomains ruf.contoso.com and rua.contoso.com (also found in example DMARC records) do not exist in DNS. DMARC record checkers, you might want to watch for and warn users, if you find this domain embedded in any DMARC record checked.
You might have noticed from a previous post that Google has a similar demo domain called solarmora.com. At first, I didn’t realize that Microsoft had something similar! Thanks to Faisal Misle for pointing this one out to me.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.