Carolyn_Liu, thanks for the response.
If neither P1 nor P2 is an accepted domain, then we do not accept the mail. Unless the following are true:
1. The cert domain (1.a) is an accepted domain.
2. The recipient is an accepted domain.
So to clarify:
If we use certificate authentication (1.a) in the connector then the P1 or P2 sender domains can be anything (accepted domains, non-accepted organisation domains and sub-domains, non-owned organisation domains etc.) and the recipient domains can be anything as well?
The key point here is that the certificate domain defined in the connector must match that defined in the certificate of the SMTP relay server e.g. tenantroot.com = tenantroot.com, as long as this matches then the sender and recipient domains can be anything?
If we use IP authentication in the connector then the P1 or P2 sender domains can be anything (accepted domains, non-accepted organisation domains and sub-domains, non-owned organisation domains etc.) as long as the recipient domain is an accepted domain?
I'm still analysing our sending scenarios but this looks like what I'm seeing.
Will this still be the case under the New Configuration?
Also, would it be possible to be more explicit on some of the terminology used at the top of this blog, e.g. "belongs to your organization"? Does this mean an explicit domain as defined under your O365 domains, or could it be a sub-domain of one of these even though it's not explicitly defined in O365 domains?
If it has to be a defined O365 domain does it also require externally hosted DNS records to be considered "belongs to your organization" e.g. MX, SPF etc?
Best regards
Owain