Share via

Why can't Microsoft answer the question "Is mydefender@microsoft.com legit?"

Wolfgang Kirchdorfer 20 Reputation points
2026-05-14T02:02:03.63+00:00

Why can't Microsoft answer the question "Is mydefender@microsoft.com legit?"

I had Microsoft Office 365 since 2018, then it changed into something called Microsoft 365 (because MSFT thinks that changing a name makes a product 20% better?) and I had used Microsoft Defender as a security software.

Now, about eight years later, I get an email from mydefender@microsoft.com for the first time. So, since every 2nd thing

on the Internet is a scam, I figure it is a scam. Looking at VIEW & VIEW MESSAGE SOURCE does not help, because

six pages of unexplained gobbledigook does not explain a thing to anyone. Worse, your very own various chatbots cannot be certain that mydefender@microsoft.com is legit.

Meanwhile, that PCWORLD.COM website says: "Beware! That Microsoft email is genuine, but it’s also a scam

Scammers are sending phishing emails from a genuine Microsoft address. Here's why this scam is so effective and how you should protect yourself. "

So, now I can't trust the @microsoft domain anymore , and the idiocy of MSFT RECALL is a security nightmare invented by Microsoft, so I will never upgrade to Win 11. Therefore, I will not trust "mydefender@microsoft.com" until MSFT gets smart and invents a system that distinguishes itself from scammers. That might take 10 to 20 years, given that MSFT took that long to allow us to delete an unwanted horizontal line across a page in MS Word.

This is an example of a QUALITY QUESTION as it is based on EXPERIENCE with MSFT.

Microsoft 365 and Office | Microsoft 365 Defender | For home | Windows
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-05-14T02:02:21.45+00:00

    Microsoft support email legitimacy is determined by the sending domain, not by individual addresses.

    Microsoft support uses these domains for support communications:

    1. microsoft.com
    2. microsoftsupport.com
    3. mail.support.microsoft.com
    4. office365support.com
    5. techsupport.microsoft.com

    An address like mydefender@microsoft.com uses the microsoft.com domain, which is on the official list of support domains. That means:

    • The domain itself is valid for Microsoft support.
    • However, a valid domain does not guarantee that a specific message is safe, because attackers can sometimes spoof or abuse legitimate domains or make messages look similar.

    Because of that, Microsoft guidance focuses on how to evaluate each message, even if it appears to come from a valid domain:

    1. Check for mismatched or subtly misspelled domains (for example micros0ft.com, rnicrosoft.com, or non-Microsoft domains like microsoftsupport.ru). These are clear scam indicators.
    2. In Outlook, pay attention if a banner appears saying “we could not verify the sender”. That means something in the email headers or authentication failed and the message should be treated with caution.
    3. Treat suspicious links or unexpected attachments as unsafe. Hover over links (or long-press on mobile) to see the real destination and verify it matches what is shown in the message.
    4. If a message pressures to act urgently, provide credentials, payment, or install software, treat it as suspicious even if the address looks legitimate.

    If a message that appears to be from mydefender@microsoft.com looks suspicious in any of these ways, do not click links or open attachments. Instead, follow the phishing guidance in Protect yourself from phishing.

    For Microsoft 365 mailboxes, additional protection such as Microsoft Defender for Office 365 and proper email authentication (SPF, DKIM, DMARC) help detect spoofed or malicious messages, but user checks like the above remain necessary.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.