Manage Accepted Domains in EOP


Applies to: Exchange Online Protection

Topic Last Modified: 2015-07-17

When you add your domain to Office 365, it’s called an accepted domain. This means that users in this domain can send and receive mail. For more information on how to add your domain to Office 365 using the Office 365 admin center, see Add your domain to Office 365.

After you add your domain using the Office 365 admin center, you can use the Exchange admin center (EAC) to view your accepted domains and configure the domain type.

There are two types of accepted domains, Authoritative and Internal Relay, which can be defined as follows:

  • Authoritative – Selecting this option means that email is delivered to email addresses that are listed for recipients in Office 365 for this domain. Emails for unknown recipients are rejected.

    • If you just added your domain to Office 365 and you select this option, it’s critical that you add your recipients to Office 365 before setting up mail to flow through the service.

    • This option is typically used when all the email recipients in your domain are using Office 365. You can also use it if some recipients exist on your own email servers. However, if recipients exist on your own email servers, you must add your recipients to this Office 365 domain to make sure that mail is delivered as expected. For more information about how to manage your recipients, see Manage mail users in EOP.

    • Setting this option enables Directory Based Edge Blocking (DBEB). For more information about DBEB, see Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients.

  • Internal relay – Selecting this option means that recipients for this domain can be in Office 365 or your own email servers. Email is delivered to known recipients in Office 365 or is relayed to your own email server if the recipients aren’t known to Office 365. For more information about setting up connectors between Office 365 and your own email servers, see Set up connectors to route mail between Office 365 and your own email servers.

    • You should not select this option if all of the recipients for this domain are in Office 365.

    • If you select this option, you must create a connector; otherwise recipients on the domain who are not hosted in Office 365 won’t be able to receive mail on your own email servers.

    • This option is required if you enable the subdomain routing option on a domain in order to let email pass through the service and be delivered to any subdomains of your accepted domains. For more information, see Enable mail flow for subdomains in Exchange Online.

  • Estimated time to complete: 10 minutes

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Domains" entry in the Feature permissions in EOP topic.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

  1. In the EAC, go to Mail Flow > Accepted domains.

  2. Click the Name, Accepted domain, or Domain type column heading to sort alphabetically in ascending or descending order. By default, accepted domains are sorted alphabetically by name in ascending order.

  1. In the EAC, go to Mail Flow > Accepted domains.

  2. Select the domain and click Edit Edit icon.

  3. In the Accepted Domain window, in the This accepted domain is section, select the domain type. The possible values are Authoritative and Internal relay.

    • If you select Authoritative, you must confirm that you want to enable Directory Based Edge Blocking.

    • If you select Internal relay, you can enable match subdomains to enable mail flow to all subdomains. For more information, see Enable email flow for subdomains in EOP.

  4. When you’re finished, click Save.