Office 365

You can set up Office 365 to apply security restrictions so that mail from your organization will only be accepted if it comes through MailRoute servers.


*Before you begin the configuration/lockdown steps, make sure your o365 mailserver is listed in our inbound server tab and change your MX records if they are not already pointing to Once mail is flowing, begin the lockdown instructions detailed below.


Step 1.  Disable Office365 Spam filtering for email that does come through MailRoute.
  • Go to:
  • Choose "rules" under the "mail flow" category.
  • Click the "+" symbol to add a new rule, and choose "Bypass spam filtering…"
  • Give the new rule a descriptive name like "Bypass Spam Filtering for mail that came through MailRoute".
  • Under "Apply this rule if...", choose "The Sender..." -> "IP address is in any of these ranges or exactly matches 
  • Enter in the MailRoute IP address block, and click the "+" sign to add the address range, and click "OK", and then click "Save" to save this rule.
Step 2. Configure Office365 to bounce email that attempts to bypass MailRoute
  • Choose "Rules" under the "Mail Flow" category
  • Click the "+" symbol and choose "Create a new rule"
  • Give the rule a descriptive name, like "Reject email that bypasses MailRoute"
  • Choose "The Sender is located..." under "Apply this rule if..."
  • Choose "Outside the Organization" from the "select sender location" dialog that pops up, and then click "OK"
  • Choose "Reject the message with the explanation" from the "Do the following..." menu.
  • Enter in some explanatory text for the rejection message, like "Your email is attempting to bypass our security services.  Please verify that your DNS is working properly and try again." and click "OK"
 Now, set up an exception for email from MailRoute.
  • Click "More Options...." and then click "add exception”
  • Choose  "The sender is..." -> "the ip address is in any of these ranges or exactly matches..."
  • Enter in the MailRoute block of IP Addresses: and then click "+" to add this to the exception list. Then click "ok"
  • Choose "Stop processing more rules".
  • Under "Match sender address in message:", choose "Envelope"
  • Then click "Save" to save the rule.
In the list of rules, make sure that the rules are in this order:
  • Bypass spam filtering for email that comes through MailRoute
  • Reject email that bypasses MailRoute.
Use the "Arrows" to adjust the order of the rules to make sure they are in this exact order.
Configuring Outbound 
Configure Outbound email flow so that outbound mail is properly protected by MailRoute.
  • Choose "mail flow" from the left side menu, and the "connectors" from the top menu.
  • Click "+" to add a new rule. 
  • In the "From:" pulldown, choose "Office 365".
  • In the "To:" pulldown, choose "Partner Organization"
  • Click "Next"
  • Give this a name and a useful description (optional), and then click "Next”. 
  • Check the checkbox that says "What do you want to do after the Connector is saved?" Check to "Turn it On"
  • Select the "Only when emails are sent to these domains" radio button, and then click "+"
  • Enter a "*" (a single asterisk), and click “OK"
  • Click "Next"
  • Choose "Route email through these smart hosts", and click the "+" button
         enter "" and click "Save”
  • Click "Next"
  • Select the checkbox "Always use Transport Layer Security (TLS) to secure the connection (recommended)", and the option "Any digital certificate, including self-signed certificates", and then click "Next"
  • Click "Next”
  • Now we need to validate that the connector is working.  Click the "+" sign and enter an email address for testing, and click "ok”
  • Enter in an email address at a different domain from your own.
  • Then click "Validate"
  • If all is successful, you'll see the message "Done!  You've completed the operation."
  • Click "Close"
  • And then click "Save”


Note:  MailRoute will automatically recognize that you are using Office 365 for your outbound service, so you do not need to enter an outbound mailserver in the MailRoute Control Panel.

****If you are using us for Outbound you will need to update your SPF record. Add "" to your SPF record. If your record looks like this:




It can take Microsoft 45-60 minutes to apply the changes you just made to your configuration.



Start a free 30-day trial today.

Contact or for more information. 


Have more questions? Submit a request


Please sign in to leave a comment.