This article contains information on configuring inbound and outbound mail flow in Microsoft 365, managing relay pools, adding and modifying domains, and ensuring proper SPF, DKIM, and accepted domain settings for secure email routing.
Overview
Correctly configured inbound connections are a reliable source of incoming mail for Microsoft 365. In complex routing scenarios, however, where email for your Microsoft 365 domain is sent elsewhere first, the source of the incoming connection is frequently not a reliable indicator of where the message originated.
Messages that are forwarded or relayed through Microsoft 365 may occasionally be sent using a separate relay pool, because the recipient shouldn't treat Microsoft 365 as the sender. Because there are both legitimate and illegitimate reasons for automatically forwarding or relaying email out of Microsoft 365, it's crucial to keep this email traffic separate. As with the high-risk delivery pool, a different IP address pool is used for relayed mail.
The forwarded or relayed message should meet one of the following criteria to avoid using the relay pool:
- The outbound sender is in an accepted domain.
- SPF passes when the message comes to Microsoft 365.
- DKIM on the sender domain passes when the message comes to Microsoft 365.
You can tell that a message was sent through the relay pool by looking at the outbound server IP (the relay pool is in the 40.95.0.0/16 range).
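The check described above, as an added example (not the article's or Microsoft's own code): it looks for relay pool addresses in a message's Received headers and evaluates the three criteria from the same headers. It assumes the Authentication-Results header is the one Microsoft 365 stamped on arrival, that Return-Path carries the outbound sender, and that hop IPs appear in square brackets; the sample message, domains and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

RELAY_POOL = ipaddress.ip_network("40.95.0.0/16")  # range given in the article
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_pool_ips(msg):
    """Return the IPs in Received headers that fall inside the relay pool range."""
    hits = []
    for received in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(received):
            try:
                if ipaddress.ip_address(text) in RELAY_POOL:
                    hits.append(text)
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
    return hits

def criteria(msg, accepted_domains):
    """Evaluate the article's three conditions (header choices are assumptions)."""
    sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dkim_domains = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth)
    return {
        "accepted_domain": domain in {d.lower() for d in accepted_domains},
        "spf_pass": re.search(r"\bspf=pass\b", auth) is not None,
        "dkim_pass_sender_domain": domain in dkim_domains,
    }

def analyze(raw, accepted_domains):
    msg = message_from_string(raw)
    met = criteria(msg, accepted_domains)
    return {"relay_pool_ips": relay_pool_ips(msg), "criteria": met,
            "expected_relay_pool": not any(met.values())}

# Constructed sample: forwarded mail from an external sender, SPF and DKIM not passing.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [40.95.10.20]) by mx.destination.example
Authentication-Results: spf=fail (sender IP is 203.0.113.7)
 smtp.mailfrom=sender.example; dkim=none (message not signed) header.d=none
Return-Path: <alice@sender.example>
"""

if __name__ == "__main__":
    print(analyze(SAMPLE, ["contoso.example"]))
```

When `expected_relay_pool` is true and `relay_pool_ips` is non-empty, the headers agree with the behaviour described above; a mismatch is a reason to look at the accepted domain list or the sender's SPF and DKIM records.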
Add a domain to Microsoft 365:
- In the Microsoft 365 Administration Center, choose Setup.
- Under Get your custom domain set up, select View | Manage | Add domain.
- Enter the new domain name that you want to add, and then select Next.
- Sign in to your domain registrar, and then select Next.
- Choose the services for your new domain.
- Select Next | Authorize | Next, and then Finish. Your new domain has been added.
According to Microsoft documentation, the domain type of the added domain should be Internal relay.
Change the domain type:
- Navigate to Mail flow | Accepted domains. The Accepted domains screen appears.
- Click the accepted domain that you want to change. The accepted domain's details screen appears.
- Under the This accepted domain is section, select the domain type. The possible values are Authoritative and Internal relay.
  - If you select Authoritative, you must confirm that you want to enable Directory-Based Edge Blocking.
  - If you select Internal relay, you can enable the match-subdomains option to allow mail flow to all subdomains. For more information, see Enable mail flow for subdomains in Exchange Online.
- Click Save.