Office 365

You can set up Office 365 to apply security restrictions so that mail from your organization will only be accepted if it comes through MailRoute servers.


Step 1.  Disable Office365 Spam filtering for email that does come through MailRoute.
  • Go to:
  • Choose "rules" under the "mail flow" category.
  • Click the "+" symbol to add a new rule, and choose "Bypass spam filtering…"
  • Give the new rule a descriptive name like "Bypass Spam Filtering for mail that came through MailRoute".
  • Under "Apply this rule if...", choose "The Sender..." -> "IP address is in any of these ranges or exactly matches 
  • Enter in the MailRoute IP address block, and click the "+" sign to add the address range, and click "OK", and then click "Save" to save this rule.
Step 2. Configure Office365 to bounce email that attempts to bypass MailRoute
  • Choose "Rules" under the "Mail Flow" category
  • Click the "+" symbol and choose "Create a new rule"
  • Give the rule a descriptive name, like "Reject email that bypasses MailRoute"
  • Choose "The Sender is located..." under "Apply this rule if..."
  • Choose "Outside the Organization" from the "select sender location" dialog that pops up, and then click "OK"
  • Choose "Reject the message with the explanation" from the "Do the following..." menu.
  • Enter in some explanatory text for the rejection message, like "Your email is attempting to bypass our security services.  Please verify that your DNS is working properly and try again." and click "OK"
 Now, set up an exception for email from MailRoute.
  • Click "More Options...." and then click "add exception”
  • Choose  "The sender is..." -> "the ip address is in any of these ranges or exactly matches..."
  • Enter in the MailRoute block of IP Addresses: and then click "+" to add this to the exception list. Then click "ok"
  • Choose "Stop processing more rules".
  • Under "Match sender address in message:", choose "Envelope"
  • Then click "Save" to save the rule.
In the list of rules, make sure that the rules are in this order:
  • Bypass spam filtering for email that comes through MailRoute
  • Reject email that bypasses MailRoute.
Use the "Arrows" to adjust the order of the rules to make sure they are in this exact order.
Configuring Outbound 
Configure Outbound email flow so that outbound mail is properly protected by MailRoute.
  • Choose "mail flow" from the left side menu, and the "connectors" from the top menu.
  • Click "+" to add a new rule. 
  • In the "From:" pulldown, choose "Office 365".
  • In the "To:" pulldown, choose "Partner Organization"
  • Click "Next"
  • Give this a name and a useful description (optional), and then click "Next”. 
  • Check the checkbox that says "What do you want to do after the Connector is saved?" Check to "Turn it On"
  • Select the "Only when emails are sent to these domains" radio button, and then click "+"
  • Enter a "*" (a single asterisk), and click “OK"
  • Click "Next"
  • Choose "Route email through these smart hosts", and click the "+" button
         enter "" and click "Save”
  • Click "Next"
  • Select the checkbox "Always use Transport Layer Security (TLS) to secure the connection (recommended)", and the option "Any digital certificate, including self-signed certificates", and then click "Next"
  • Click "Next”
  • Now we need to validate that the connector is working.  Click the "+" sign and enter an email address for testing, and click "ok”
  • Enter in an email address at a different domain from your own.
  • Then click "Validate"
  • If all is successful, you'll see the message "Done!  You've completed the operation."
  • Click "Close"
  • And then click "Save”



Note:  MailRoute will automatically recognize that you are using Office 365 for your outbound service, so you do not need to enter an outbound mailserver in the MailRoute Control Panel.



It can take Microsoft 45-60 minutes to apply the changes you just made to your configuration.



Start a free 30-day trial today.

Contact or for more information. 


Have more questions? Submit a request


  • 0
    Adam Brown

    Microsoft has deprecated the Forefront Online Protection login  portal for all customers who have been upgraded to the latest version of O365 (Wave 15). All controls previously held in that interface are now merged into the Exchange Admin Portal in O365. To get Mailroute to go through without spam filtering, the instructions are as follows:

    Log in to O365 Portal -> Admin -> Exchange -> Protection -> Connection Filter -> Double-click Default -> Connection Filtering -> Add the IP Ranges in step 9 above to the Allowed IP Address List -> Place checkmark next to Enable Safe List -> Click Save.

    It isn't necessary to create an Inbound connector with the latest version of O365 to receive mail from Mailroute, but it doesn't hurt to do so. For this:

    Log in to O365 Portal -> Admin -> Exchange -> Mail flow -> Click + under Inbound Connectors -> Enter a name for the Connector -> Select On-Premises and Select Retain Service Headers (If you want them, otherwise, set as Partner) -> Under Sender Domains, Click +, Enter * in the box, click save -> Under Sender IP Addresses Click + and add each IP range from step 9 above. Leave the remainder of options as they are and click save.

Please sign in to leave a comment.