Introduction: Office 365 mail flow basics

 

上次修改主題的時間:2016-11-23

Office 365 uses domains, like contoso.com, to route email messages. When you set up email in Office 365, you typically switch from the default domain that you got when you first signed up for Office 365 (the domain ending with .onmicrosoft.com) to your organization’s domain. Domain names are managed by using a worldwide system of domain registrars (for example, GoDaddy, HostGator, or Moniker) and databases called the Domain Name System (DNS). DNS provides a mapping between human-readable computer hostnames and the IP addresses that networking equipment uses. If you’re new to DNS, we recommend that you read DNS basics.

The following video gives a quick overview of important concepts about what DNS is and how it works.

您的瀏覽器不支援視訊。請安裝 Microsoft Silverlight、Adobe Flash Player 或 Internet Explorer 9。

Contents

Understanding how DNS records control mail flow

How MX records affect spam filtering

In Office 365 mail flow, two DNS records are particularly important: MX records and SPF records.

MX (mail exchanger) records provide an easy way for mail servers to know where to send email. You can think of an MX record as a type of postal address. If you want Office 365 to receive all email that is addressed to anyone@contoso.com, the MX record for contoso.com should point to Office 365; it will look like the following example:

Hostname: contoso-com.mail.protection.outlook.com
Priority: 0
TTL: 1 hour

An SPF (sender policy framework) record is a specially-formatted TXT record in DNS. SPF records make sure that only the organization that owns a domain is actually sending email from that domain. SPF is a security measure to make sure that someone doesn’t impersonate an organization. (This impersonation is often called spoofing.) Because most modern email servers look up a domain’s SPF record before they accept any email from it, it’s important to set up a valid SPF record in DNS when you first set up mail flow.

As a domain owner, you can use an SPF record to publish a list of IP addresses or subnets that are authorized to send email on your organization's behalf. This is helpful if you want to send email from multiple servers or services that have different IP addresses. The SPF record that uses Office 365 to send all of an organization's email should look like the following example:

v=spf1 include:spf.protection.outlook.com -all
重要事項重要事項:
You can only have one SPF record per domain. Having multiple SPF records invalidates all SPF records and causes mail flow problems.

The SPF record configuration in the previous example tells the recipient email servers that email sent from Office 365’s IP addresses are authorized for the domain.

For the best mail flow experience—especially for spam filtering—we recommend that you point the MX record for your organization’s domain to Office 365. Spam scanning is the initial connection point to the Office 365 service. Who is sending the message, the IP address of the server that originally sent the message, and the behavior of the connecting mail server, all help determine whether a message is considered to be legitimate or spam. If your domain’s MX record doesn’t point to Office 365, the spam filters won’t be as effective. Specifically, f your MX record doesn’t point to Office 365, some valid messages will be misclassified as spam, and some spam messages will be misclassified as legitimate email.

However, there are legitimate business scenarios that require your domain’s MX record to point to somewhere other than Office 365. For example, email destined for your organization might need to initially arrive at another destination (such as a third-party archiving solution), then route through Office 365, and then be delivered to mailboxes on your organization’s mail server.

 
顯示: