Mail Flow

Office 365

Applies to: Office 365

Topic Last Modified: 2015-11-06

Microsoft Exchange Online can route outbound mail through an on-premises server or a hosted service (sometimes called “smart hosting”). This enables organizations to use data loss prevention (DLP) appliances, perform custom post-processing of outbound email, and deliver email to business partners through private networks. Exchange Online also supports Address Rewrite, in which outbound email is routed through an on-premises gateway that modifies the addresses. This feature enables organizations to hide sub-domains, make email from a multi-domain organization appear as a single domain, or make partner-relayed email appear as if it were sent from inside the organization. Administrators configure custom email routing within the Exchange admin center (EAC).

For more information, see Outbound Smart Hosting Scenario.

Exchange Online supports inbound and outbound mail delivery.

As an Exchange Online customer, you can set up secure mail flow with a trusted partner by using Office 365 connectors. Office 365 supports secure communication through Transport Layer Security (TLS). You can create a connector to enforce encryption via TLS. You can also apply other security restrictions such as specifying domain names or IP address ranges from which your partner organization sends mail. TLS is a cryptographic protocol that provides security for communications over the Internet. Using connectors, you can configure both forced inbound and outbound TLS using self-signed or certification authority (CA)-validated certificates.

For more information, see Set up connectors for secure mail flow with a partner organization.

A CA-validated certificate may be required.

You can direct mail to specific sites using connectors and transport rules. With criteria-based routing, you can choose a connector to use, based on specific conditions.

For more information, see Conditional Mail Routing Scenario.

You can add a trusted partner’s IP address to a safe list to ensure that messages they send to you are not subject to anti-spam filtering. To do this, you can use the connection filter’s IP Allow list.

For more information, see Configure the Connection Filter Policy.

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. With hybrid transport, messages sent between recipients in either organization are authenticated, encrypted, and transferred using Transport Layer Security (TLS), and appear as “internal” to Exchange components such as transport rules, journaling, and anti-spam policies. Hybrid transport is configured using the Hybrid Configuration Wizard in Exchange Server 2013.

For more information about mail routing in a hybrid deployment, see Transport Routing in Exchange 2013 Hybrid Deployments.

The Microsoft Exchange Server Deployment Assistant also provides detailed hybrid deployment provisioning and hybrid message transport guidance.

Shared Address Space with On-Premises Routing Control (MX Points to On-Premises) is a hybrid deployment mail-routing scenario where your mailboxes are hosted partially in Exchange Online and partially on-premises, and inbound and outbound Internet mail flow is routed through the on-premises Exchange organization. This scenario is also called centralized mail transport. In this scenario, Exchange Online is provisioned with EOP and inbound Internet mail is routed to your on-premises mail server before being routed to EOP and finally to mailboxes hosted in Exchange Online. Additionally, outbound mail from Exchange Online mailboxes is routed through the on-premises Exchange organization for messages sent to external recipients. With this configuration you can use a single SMTP domain namespace for all mailboxes in both your on-premises Exchange organization and your Exchange Online organization.

For more information about transport options in a hybrid deployment, see Transport Options in Exchange 2013 Hybrid Deployments.

Shared Address Space without On-Premises Routing Control (MX Points to EOP) is a hybrid mail-routing scenario where your mailboxes are hosted partially in the cloud using Exchange Online and partially on-premises, and your MX record points to EOP. This scenario is appropriate for when you use the Office 365 service to host some of your organization’s mailboxes and you want EOP to protect both your on-premises and cloud mailboxes. Specifically, in this scenario, mail sent to recipients within your organization is initially routed through EOP, where spam and policy filtering occurs, before it reaches your on-premises mailboxes and cloud mailboxes.

For more information about transport options in a hybrid deployment, see Transport Options in Exchange 2013 Hybrid Deployments.

Configuring a hybrid deployment in Microsoft Exchange Server 2013 with the Hybrid Configuration Wizard greatly minimizes the potential that the hybrid deployment will experience problems. However, there are some typical areas outside the scope of the Hybrid Configuration Wizard that, if misconfigured, may present problems in a hybrid deployment. These include proper Client Access server configuration and proper certificate installation and configuration.

For more information about troubleshooting a deployment with the Hybrid Configuration Wizard, see Troubleshoot a Hybrid Deployment.

You can modify an existing hybrid configuration by changing settings in the Hybrid Configuration Wizard. Scenarios include disabling centralized transport or disabling secure mail transport.

For more information about managing a hybrid deployment configuration, see Manage a Hybrid Deployment.

For more information about hybrid deployment requirements, see Hybrid Deployment Prerequisites.

In some hybrid configurations, you may need to purchase Exchange Online Protection licenses for your on-premises mailboxes.

To view feature availability across Office 365 plans, standalone options, and on-premise solutions, see Exchange Online Service Description.

Comments or questions about this topic? Send your feedback to Office 365 Service Description Feedback. Need help with Office 365? Visit the Microsoft support center. Want to chat with a customer service representative? Go to the Select a plan page and click Chat now in the red banner at the top.