This article describes how to configure Email protection provided by Smarsh Hosted Services with your Office 365 account purchased from Smarsh Hosted Services.
To configure outbound mail flow routing through Smarsh Hosted Services Email protection, follow the steps described below.
Important: make sure to create or adjust the SPF record for your domain to include spf.msoutlookonline.net.
For example, your_domain.com, TXT, "v=spf1 include:spf.protection.outlook.com include:spf.serverdata.net ~all"
This step needs to be completed first to prevent possible problems with mail delivery during creation of a new connector. You may lower TTLs to 1 hour to update the SPF record faster. Only when the SPF record is created, it is safe to enable the outbound send connector.
- Log in to your Office 365 portal as Global admin
- Navigate to Exchange admin center
- Navigate to Mail flow > Connectors and click on a plus sign to add a new connector
- Select From as Office 365 and To as Partner organization
- Specify the name of your new connector and leave the option Turn it on
- Choose the second option for Only when email messages are sent to these domains and specify * (asterisk sign) to include all domains
- For routing please choose Route emails through these smart hosts and input outbound.smtp.o365.serverdata.net value
- Choose to always use TLS for secure connections and to make sure that certificate is issued by a trusted certificate authority
- Review and confirm the settings then proceed with validation of connector setup
- Enter a valid external email address and click Validate
- Make sure connectivity check is successful and save changes. Failure on ‘Send test email’ is expected and can be ignored, as O365 Create Connector Wizard attempts to send test message from a non-existing address, which is rejected by our filtering.
O365 default SPF record include:spf.protection.outlook.com can be deleted after enabling of the send connector, this step is optional.
Note: If you have DKIM already configured with O365, it may disrupt filtering with Smarsh Hosted Services as during outbound filtering an email content may be changed and DKIM Signature may become invalid. Two solutions are possible:
- Configure DKIM with Smarsh Hosted Services and extend existing TXT records to include a new signature.
Domain Keys Identified Mail (DKIM) With Outbound Email Filtering
- Disable DKIM signing with Office 365.
To do so, login to Office portal, navigate to Admin > Exchange > Protection > DKIM and click Disable for all listed domains. For more information, refer to MS KB article Use DKIM to validate outbound email sent from your custom domain in Office 365.