Set up Outbound Email Filtering
Applies to: Forefront Online Protection for Exchange
Topic Last Modified: 2013-01-10
After validating and enabling your domains, and setting up inbound email filtering, as described in Set up Inbound Email Filtering, you can optionally configure outbound email filtering.
Ensure that the outbound domains you are using are not being used as open relays. (If your outbound IP address is found to be sending spam, it may be disabled to protect the rest of the network until the problem is resolved.)
Add outbound IP addresses to the Forefront Online Protection for Exchange (FOPE) Administration Center. All outbound mail sent from these addresses will be filtered by FOPE. Outbound IP addresses can be added at either the company level or the domain level. To add outbound IP addresses to your domain, perform these steps.
Note: Microsoft Office 365 customers do not need to add outbound IP addresses in the FOPE Administration Center because outbound IP addresses are determined by your Microsoft Exchange Online configuration.
In the FOPE Administration Center, click the Administration tab, and then click the Domains tab.
In the Domains list, click the name of the domain that you want to modify. You can search for a specific domain name by using the search box.
In the Mail Delivery Settings section of the center pane, next to Outbound Mail Server IP Addresses, click Add.
In the Add Outbound IP Addresses dialog box, in the IP addresses field, enter the outbound IP addresses that you want the domain to use to send email. Enter multiple IP addresses one line at a time.
Tip: Ensure that all outbound IP addresses added to your domain have been approved to use the FOPE outbound filtering service. If you receive an error when email attempts to be relayed to FOPE, or if you are not sure which outbound IP address to enter, contact your ISP to confirm the correct address. Microsoft does not keep a list of IP addresses, since Internet service provider IP addresses can change.
Configure your email server to direct all outbound email messages to mail.messaging.microsoft.com.
In Exchange Server 2000 and Exchange Server 2003, you can accomplish this by configuring the SMTP connector; for more information, see How to configure the SMTP connector in Exchange 200x. For additional information about configuring Exchange Server 2003 in a virtual server environment, see Configuring a Smart Host on a SMTP Virtual Server. For Exchange Server 2007 and Exchange Server 2010, instead of an SMTP connector you must configure a send connector; for more information, see How to Create a New Send Connector (Exchange 2007) and Understanding Send Connectors (Exchange 2010).
Outbound access through the FOPE service network is IP and domain-restricted. All outbound email messages that pass through the FOPE pool of outbound email servers are scanned for viruses, matches to policy filter rules, and spam characteristics before they are sent.
|Outbound email from domains listed in the FOPE Administration Center will be delivered as normal by one outbound pool of IP addresses. Email classified as possible junk will still be delivered, but through a separate pool of IPs, known as the higher risk delivery pool. This process ensures that junk email generated by compromised computers or improperly configured domains does not affect the flow of legitimate email.|
To proceed to the final step in the FOPE setup process, go to Verify the FOPE Setup.