After our recent post Introducing more control over Direct Send in Exchange Online, there have been more questions about scenarios that are not actually Direct Send such as senders being able to igno...
Updated Aug 07, 2025
Version 7.0
Blog Post
If one uses a 3rd party MTA (SMTP2GO, Postmark, etc.) and SPF, DKIM, DMARC are all passing, this shouldn't require an Exchange connector, correct? It's not an Anonymous send if it's passing SPF and has a valid Return-Path.
In the last Direct Send blog post, it mentioned the following about the context of Anonymous:
"The sending domain being an accepted domain in your tenant is a straightforward and easy condition to evaluate. For the sending domain, we are talking specifically about the P1 Mail From envelope sender address here. The P2 From header is not checked by this feature. “Anonymous” in this context means that the messages are not attributed to any mail flow connector when they are sent to Exchange Online."
The 3rd party MTA's RFC5321.MAILFROM (P1 Mail From envelope sender) is using the same domain that is listed as an accepted domain in Exchange Online.
Mithun_Rathinam
Microsoft
MicrosoftKevin Taber , If "RejectDirectSend" is not enabled in your tenant, no connector is required.
However, if you do enable "RejectDirectSend", you must also configure an inbound partner connector that matches either the certificate (recommended) or the IP addresses used to send messages from that Trusted source.
Otherwise, messages will be rejected as anonymous in this context , even if SPF and authentication pass. Anonymous is different from email authentication.
Both SMTP2GO, and Postmark, are MTAs that are still successfully sending emails as my domain while RejectDirectSend is True.
No connector was configured.
Essentially authenticated SMTP for copiers, or transactional emails like invoices.
- Mithun_Rathinam
Kevin Taber , If they are authenticated client SMTP submission (SMTP AUTH), then Yes 'no connectors' required while RejectDirectSend is True.