Update 8/12/2025: Added the FAQ to the post. Also, to help shed more light on the Direct Send feature, we published a newer post called Direct Send vs sending directly to an Exchange Online tenant.
...
Updated Oct 06, 2025
Version 13.0
Blog Post
Direct Send is a bug, not a feature!
Direct Send enabled... Fully configured SPF, DKIM, DMARC(p=quarantine sp=quarantine pct=100), with Org, partner and "relay" connectors secured to specific IPs and we were getting Direct Send "SPAM".
Direct Send disabled and valid emails passing DMARC on those same locked down connectors are being blocked ! "Diagnostic-Code: smtp;550 5.7.68 TenantInboundAttribution; Direct Send not allowed for this organization from unauthorized sources."
How can I authorize sources other than with locked down connectors?????
So enabled, direct send bypasses connectors and SPF/DKIM/DMARC, but disable it and it blocks things on those same connectors that pass all inspections...
Our testing so far appears to tie at least some of the rejected by DS messages when they are send from a valid tenant mailbox address to another valid tenant mailbox address. Sending from an invalid tenant address on the same domain may/does not get blocked.
valid1@domain to valid2@domain fails. invalid@domain to valid@domain works.
Confirm have same issue as DeanTeam Have set flag to $True and a vendors email that sends using our domain is now blocked from direct send. Have Create a partner connector and this has made zero difference, still blocked with the "Direct Send not allowed for this organization from unauthorized sources." error. Will see if we need the new connector needs to be active for 24/48 hours and will test again.. but at this stage the setting looks like a bust
Have now set the rejectdirectsend flag to $false. Even with a partner connector that used the IPs from which mail was sent, it would get rejected.
I think the report that shows what is using DirectSend is important, and such a report should be available to O365 admins before it is made GA.