After our recent post Introducing more control over Direct Send in Exchange Online, there have been more questions about scenarios that are not actually Direct Send such as senders being able to igno...
Updated Aug 07, 2025
Version 7.0
Blog Post
Hello Community, we currently have an inbound connector for Mimecast in Exchange Online. It is configured to verify IP addresses using Mimecast IPs but does not restrict domains to IP addresses. We also set up a transport rule to monitor traffic for potential direct send vulnerabilities. During monitoring, we noticed some emails bypass our connector. This includes calendar and Teams meeting invites, which appear to come from IPv6 addresses that seem to belong to Microsoft services. Is this expected behavior? We want to properly secure our inbound connector and would appreciate advice on the best approach. Should we create a new inbound connector that restricts domains to IP addresses and includes Mimecast IPs instead of enabling reject direct send? Would it be better to run both connectors for a period before disabling the old one? Could these changes affect calendar invites, Teams invites, or other legitimate Microsoft service emails or any other emails? Any recommendations or best practices for securing the inbound connector without impacting legitimate traffic would be greatly appreciated. Thank you.
Arindam_Thokder SeanMSFT Mithun_Rathinam The_Exchange_Team any insights on this? i am curious to understand if or how this can be avoided?