- Article
- 21 minutes to read
Important
From December 2022 theClassic EACit will be obsolete for customers around the world. Microsoft recommends usingnew Exchange admin center, if you haven't already.
While most features have been migrated to the new EAC, some have been migrated to other admin centers, and the rest will be migrated to the new EAC soon. For features not yet available in the new EAC, seeOther propertiesor use global search to navigate the new EAC.
Important
Mail flow rules are now available in the new Exchange admin center.try now!
Requirements: Office 365 or Microsoft 365 subscription,Online Exchange Plane.
This article explains how you can send email from work apps and devices when all your mailboxes are in Microsoft 365 or Office 365. Example:
- You have a scanner and want to email scanned documents to yourself or someone else.
- You have a line of business (LOB) application that manages appointments and you want to send email reminders to customers about the appointment time.
Option 1: Authenticate your device or app directly with a Microsoft 365 or Office 365 mailbox and send an email by sending the SMTP authentication client
monitoring
This option is not compatible withMicrosoft security standards. We recommend using modern authentication when connecting to our service. Although SMTP AUTH now supports OAuth, most devices and clients are not designed to use OAuth with SMTP AUTH. Because of this, there are currently no plans to disable basic authentication for SMTP AUTH clients. For more information about OAuth, seeAuthenticate an IMAP, POP, or SMTP connection with OAuth.
You should also check if SMTP AUTH is enabled for the mailbox you are using. SMTP AUTH is disabled for organizations created after January 2020, but can be enabled per mailbox. For more information, seeEnable or disable sending authenticated client SMTP (SMTP AUTH) in Exchange Online.
This option supports most usage scenarios and is the easiest to configure. Choose this option if:
- You want to send an email from an application, service, or device hosted by a third party.
- You want to send email to people inside and outside your organization.
To set up your device or app, connect directly to Microsoft 365 or Office 365 using the sending endpoint of the SMTP authentication clientsmtp.office365.com.
Each device or app must be able to authenticate to Microsoft 365 or Office 365.
How to configure sending SMTP AUTH client
Enter the following settings directly on your device or in the appas his guide instructs(You can use terminology other than that used in this article.) As long as your scenario meets the requirements for sending the SMTP AUTH client, you can use the following configuration to send email from your device or application.
| Device or app settings | bravery |
|---|---|
| Server/Smarthost | smtp.office365.com |
| Porta | Port 587 (recommended) or port 25 |
| TLS/Inicar TLS | Capable |
| Username/email address and password | Enter the credentials of the hosted mailbox used |
TLS and other encryption options
Determine which version of TLS your device supports by consulting your device's instructions or your provider. If your device or application does not support TLS 1.2 or higher, you have the following alternatives:
- Use as neededDrop Shipping (Option 2)ÖMicrosoft 365 oder Office 365 SMTP-Relay (Option 3)instead of.
- Use a local email server (Exchange Server or another SMTP server) to relay emails if your device cannot meet the above requirements to connect to Microsoft 365 or Office 365. You may even find it easier to set up and manage a local SMTP server to route messages from your devices and applications, especially if you have many devices and applications that send email.
For more information about setting up your own email server to send email to Microsoft 365 or Office 365, seeConfigure connectors to route email between Microsoft 365 or Office 365 and your own email servers.
monitoring
If your device recommends or uses port 465 by default, it does not support sending SMTP AUTH client.
How SMTP AUTH client submission works
The following diagram provides a conceptual overview of what your environment will look like.
Send functions of the SMTP AUTH client
- Sending the SMTP AUTH client allows you to send email to people inside and outside your organization.
- This method bypasses most spam checks for emails sent to people in your organization. This bypass can help protect your company's IP addresses from being blocked by a spam list.
- This method allows you to send email from any location or IP address, including your organization's (local) network or a third-party cloud hosting service such as Microsoft Azure.
Requirements for submission of SMTP AUTH clients
- authentication: We recommend using modern authentication in the form of OAuth whenever possible. Otherwise, you'll need to use basic authentication (which is just username and password) to send email from your device or app. For more information about OAuth, seeAuthenticate an IMAP, POP, or SMTP connection with OAuth. If SMTP AUTH is intentionally disabled for the organization or mailbox you are using, you should use option 2 or 3 below.
- Letter box- You must have a licensed Microsoft 365 or Office 365 mailbox to send email.
- Transport Layer Security (TLS): Your device must support TLS version 1.2 and higher.
- Porta: Port 587 (recommended) or port 25 is required and must be enabled on your network. Some network firewalls or ISPs block ports, particularly port 25, as this is the port email servers use to send email.
- DNS: Use the DNS name smtp.office365.com. Do not use an IP address for the Microsoft 365 or Office 365 server as IP addresses are not supported.
monitoring
For information about TLS, seeHow Exchange Online uses TLS to secure email connectionsFor detailed technical information about how Exchange Online uses TLS with cipher suite ordering, seeImproved mail flow security for Exchange Online.
SMTP AUTH client sending restrictions
- You can only send from one email address unless your device can store credentials for multiple Microsoft 365 or Office 365 mailboxes.
- Microsoft 365 or Office 365 imposes some sending restrictions. SeeExchange Online Limits - Sending and receiving limitsFor more informations.
Option 2 - Send an email directly from your printer or app to Microsoft 365 or Office 365 (Drop Send)
Choose this option if:
- In your environment, SMTP AUTH is disabled.
- Sending SMTP client (option 1) is not compatible with your business needs or your device.
- You only need to send messages to recipients in your own organization who have mailboxes in Microsoft 365 or Office 365; You don't need to send email to anyone outside of your organization.
Other scenarios where drop shipping might be your best option:
You want your device or application to send from each user's email address, and you don't want each user's mailbox credentials configured to use SMTP client sending. Direct sending allows each user in your organization to send email using their own address.
Avoid using a single mailbox with Send As permissions for all your users. This method is not supported due to complexity and potential issues.
You want to send bulk emails or newsletters. Microsoft 365 or Office 365 doesn't allow sending bulk messages via SMTP client submission. With Direct Sending you can send a large number of messages.
There is a risk that Microsoft 365 or Office 365 will mark your email as spam. You can enlist the help of a bulk email provider to help you. For example, they can help you follow best practices and ensure that your domains and IP addresses aren't being blocked by others on the internet.
Drop Shipping Preferences
Make the following settings on the device or directly in the app.
| Device or app settings | bravery |
|---|---|
| Server/Smarthost | Your MX endpoint, for example contoso-com.mail.protection.outlook.com |
| Porta | Puerta 25 |
| TLS/Inicar TLS | Optional |
| E-Mail-Addresse | Any email address for one of your domains that is supported by Microsoft 365 or Office 365. This email address does not have to have a PO box. |
We recommend adding an SPF record to prevent messages from being marked as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar's DNS settings as follows:
| DNS entry | bravery |
|---|---|
| FPS | v=spf1 ip4:<statische IP-Adresse> include:spf.protection.outlook.com ~all |
Step-by-step guide to dropshipping
If your device or app can broadcast from a static public IP address, get that IP address and write it down. You can share your static IP address with other devices and users, but do not share your IP address with anyone outside your organization. Your device or application can send from a shared or dynamic IP address, but the messages are more prone to spam filtering.
login inMicrosoft 365 Admin Center.
Go tothe settings>domains, select your domain (e.g. contoso.com) and locate the MX record.
The MX record contains data forPoints that need to be addressed or evaluatedthat seems so
contoso-com.mail.protection.outlook.com.Write down the datesPoints that need to be addressed or evaluatedto the MX record, which we call the MX endpoint.
Go back to Device and Settings, which is what would normally be calledServerÖhost intelligent, enter the MX recordPoints that need to be addressed or evaluatedregistered in step 4.
monitoring
Do NOT use an IP address for the Microsoft 365 or Office 365 server connection as IP addresses are not supported.
After you've finished configuring your device settings, go to your domain registrar's website to update your DNS records. Edit the Sender Policy Framework (SPF) entry. In the input, paste the IP address that you wrote down in step 1. The last string looks like the following example:
v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~allwhere 10.5.3.2 is your public IP address.
caution
This IP address is authorized to broadcast on behalf of your domain. Anyone with access to it could send an email to any external recipient and it would pass the SPF check. You should carefully consider who has access to that IP address.
monitoring
Skipping this step could result in the email being sent to the recipient's spam folder.
To test your settings, send a test email from your device or app and confirm that the recipient received it.
This is how dropshipping works
In the following diagram, the app or device on your organization's network uses direct send and your Microsoft 365 or Office 365 email exchange (MX) endpoint for email recipients in your organization. It's easy to find your MX endpoint in Microsoft 365 or Office 365 if you need to search for it.
You can set up your device to send email directly to Microsoft 365 or Office 365. Use direct sending to route email to recipients with Microsoft 365 or Office 365 mailboxes in your organization. Direct send also works for external recipients with mailboxes in Microsoft 365 or Office 365. If your device uses direct send to try to forward an email to a recipient who doesn't have a Microsoft 365 or Office 365 mailbox, the email will be rejected. .
monitoring
If your device or app can act as an email server to send messages to Microsoft 365, Microsoft 365, or Office 365 and other email providers, Microsoft 365 or Office 365 setup is not required for this phase . For more information, see the instructions for your device or app.
Drop Shipping Features
- Use Microsoft 365 or Office 365 to send email, but a dedicated Microsoft 365 or Office 365 mailbox is not required.
- It is not necessary for your device or application to have a static IP address. However, it is recommended that your device or application have a static IP address whenever possible.
- It doesn't work with a plug; Never configure a device to use a Direct Send Connector, as such a configuration can cause problems.
- It is not required that your device supports TLS.
Sending directly has higher sending limits than sending from SMTP clients. Senders are not subject to the restrictions described in Option 1.
Drop Shipping Requirements
- Porta: Port 25 is required and must be enabled on your network.
- A static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. The SPF record prevents your messages from being marked as spam.
- Does not require a licensed Microsoft 365 or Office 365 mailbox.
Drop Shipping Restrictions
- Direct sending cannot be used to send email to external recipients, e.g. B. Recipients with Yahoo or Gmail addresses.
- Your messages are subject to anti-spam controls.
- Outgoing emails can be interrupted if your IP addresses are blocked from a spam list.
- Microsoft 365 and Office 365 use throttling policies to protect the service.
Option 3: Set up a connector to send email using Microsoft 365 or Office 365 SMTP relay
This option is more difficult to implement than the others. Select this option only if:
- In your environment, SMTP AUTH is disabled.
- Sending SMTP client (option 1) is not compatible with your business needs or your device
- You cannot use Direct Send (Option 2) because you need to send email to external recipients.
SMTP relay allows Microsoft 365 or Office 365 to relay email on your behalf using a connector configured with your public IP address or a TLS certificate. Configuring a connector complicates this option.
Configuration for Microsoft 365 or Office 365 SMTP relay
| Device or app settings | bravery |
|---|---|
| Server/Smarthost | Your MX terminal for exampleyour domain-com.mail.protection.outlook.com |
| Porta | Puerta 25 |
| TLS/Inicar TLS | Capable |
| E-Mail-Addresse | Any email address in one of your verified Microsoft 365 or Office 365 domains. This email address does not require a mailbox. |
If you've already configured a connector to deliver messages from your on-premises organization to Microsoft 365 or Office 365 (such as a hybrid environment), you probably don't need to create a dedicated connector for Microsoft 365 or Office 365 SMTP relay. If you need to create a connector, use the following configurations to support this scenario:
| connector configuration | bravery |
|---|---|
| Since | Your organization's email server |
| For | Microsoft 365 and Office 365 |
| Domain Restrictions: IP Address/Range | Your local IP address or range of addresses that the device or app uses to connect to Microsoft 365 or Office 365 |
We recommend adding an SPF record to prevent messages from being marked as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar's DNS settings as follows:
| DNS entry | bravery |
|---|---|
| FPS | v=spf1 ip4:<statische IP-Adresse> include:spf.protection.outlook.com ~all |
Step-by-step instructions for setting up SMTP relay
Get the public (static) IP address that the device or application is broadcasting from. A dynamic IP address is not supported or allowed. You can share your static IP address with other devices and users, but do not share your IP address with anyone outside your organization. Make a note of this IP address for later.
login inMicrosoft 365 Admin Center.
Go tothe settings>domains, select your domain (e.g. contoso.com) and locate the MX record.
The MX record contains data forPoints that need to be addressed or evaluatedthat seems so
contoso-com.mail.protection.outlook.com.Write down the datesPoints that need to be addressed or evaluatedto the MX record, which we call the MX endpoint.
Make sure the domains you're sending the app or device to are verified. If the domain isn't verified, the emails may be lost and you won't be able to track them using the Exchange Online message tracking tool.
Select in Microsoft 365 or Office 365Administratorand soExchangeto go to the new Exchange admin center.
monitoring
clickExchange, the new Exchange admin center starts. If you want to navigate to the classic Exchange admin center, clickClassic EACin the left pane of the new Exchange admin center home page.
In the Exchange admin center (EAC), go toMailfluss>connections. ÖconnectionsThe screen is shown in the following two images below for New EAC and Classic EAC respectively.
Review the list of connectors configured for your organization. If no connector is listed from your organization's email server to Microsoft 365 or Office 365, create a connector in the Exchange admin center (EAC):
Classic EAC:
Open the EAC inhttps://admin.protection.outlook.com/ecp/and goes toMailfluss>connectionsand then clickAdd to
. In the wizard that opens, on the first screen, select the options described in the screenshot below:CliqueNextand give the connector a name.
Select on the next screenBy checking that the IP address of the sending server matches one of these IP addresses belonging to your organizationand add the IP address from step 1.
Leave all other fields at their default values and selectsage .
new CAE:
Open the EAC inhttps://admin.protection.outlook.com/ecp/and goes toMailfluss>connections. Or go straight toconnectionspage, usehttps://admin.exchange.microsoft.com/#/conectores.
Cliqueadd a port
. In the wizard that opens, on the first screen, select the options described in the screenshot below:CliqueNext. Öconnector namefabric appears.
Enter a name for the connector and clickNext. ÖEmail authentication sentfabric appears.
ChooseCheck if the IP address of the sending server matches one of these IP addresses that belong only to your organizationand add the IP address from step 1 ofStep-by-step instructions for setting up SMTP relaySection.
Cliquesage .
After you finish setting up Microsoft 365 or Office 365, go to your domain registrar's website to update your DNS records. Edit your SPF record. Add the IP address you wrote down in step 1. The last string should look like this
v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all, where 10.5.3.2 is your public IP address. Skipping this step could result in the email being sent to the recipient's spam folder.Now go back to the device and in the settings look for the entry for server or smart host and enter the MX recordPOINTS TO DISCUSSValue you noted in step 3.
To test your settings, send a test email from your device or app and confirm that the recipient received it.
. In the wizard that opens, on the first screen, select the options described in the screenshot below:
Configure a certificate-based connector to route email through Microsoft 365 or Office 365
If your devices or apps can use a certificate for mail flow, you can set up a certificate-based connector to route mail through Microsoft 365 or Office 365.
To perform this task, verify the subject name in the certificate used by the sending device or application. The Common Name (CN) or Subject Alternative Name (SAN) in the certificate must contain a domain name that you have registered with Microsoft 365 or Office 365. Also, you need to create a certificate-based connector in Microsoft 365 or Office 365 with this domain name to accept and transmit email coming from those devices, applications, or other on-premises servers. For more information about this method, seeImportant note for email clients with configured connectors.
How Microsoft 365 or Office 365 SMTP Relay works
In the following diagram, the application or device on your organization's network uses a connector to route SMTP to email recipients in your organization.
The Microsoft 365 or Office 365 connector you set up authenticates your device or app with Microsoft 365 or Office 365 using an IP address. Your device or app can send email from any address (including ones that can't receive email) as long as the address uses one of your domains. The email address does not have to be linked to an actual mailbox. For example, if your domain is contoso.com, you can send from an address like do_not_reply@contoso.com.
Microsoft 365 or Office 365 SMTP relay uses a connector to authenticate email sent from your device or app. This authentication method allows Microsoft 365 or Office 365 to route these messages to their own mailboxes and external recipients. Microsoft 365 or Office 365 SMTP relay is similar to direct send, except you can send email to external recipients.
Due to the added complexity of configuring a connector, sending directly through Microsoft 365 or Office 365 SMTP relay is recommended unless you need to send email to external recipients. To send email using Microsoft 365 or Office 365 SMTP relay, your device or application server must have a static IP address or address range. You can't use the SMTP relay to send email directly to Microsoft 365 or Office 365 from a third-party hosted service like Microsoft Azure. For more information, seeTroubleshoot outbound SMTP connectivity in Azure.
Microsoft 365-Features oder Office 365-SMTP-Relay
- Microsoft 365 or Office 365 SMTP Relay does not require the use of a licensed Microsoft 365 or Office 365 mailbox to send email.
- Microsoft 365 or Office 365 SMTP relay has higher sending limits than client SMTP sending. Senders are not subject to the restrictions described in Option 1.
SMTP relay requirements for Microsoft 365 or Office 365
- Static IP address or address range: Most devices or applications cannot use a certificate for authentication. Use one or more static IP addresses not shared with another organization to authenticate your device or application.
- Connector: Set up a connector in Exchange Online for emails sent from your device or app.
- Porta: Port 25 is required. Make sure this port is not blocked on your network or by your ISP.
Microsoft 365 or Office 365 SMTP relay limitations
- Outgoing emails can be interrupted if your IP addresses are blocked from a spam list.
- Appropriate limits are placed on submission. For more information, seeHigh risk delivery group for outbound messages.
- Requires non-shared static IP addresses (unless a certificate is used).
- For transient failures, the connected client is expected to try again within a reasonable amount of time. Microsoft recommends that the connected client keep SMTP logs to better investigate these types of errors.
monitoring
AfterRFC de SMTPProposal, Option 1 Sending the SMTP AUTH client may be the most appropriate method for an SMTP application/client that is not a full featured mail server (MTA).
Compare the options
Here's a comparison of each configuration option and the features they support.
| resources | SMTP-Client senden | drop shipping | SMTP-Relay |
|---|---|---|---|
| Send to recipients in your domain(s). | Sim | Sim | Sim |
| Route to the internet through Microsoft 365 or Office 365 | Sim | no Direct delivery only. | Sim |
| ignore spam | Yes, if the email is destined for one of your Microsoft 365 or Office 365 mailboxes. | no Suspicious emails can be filtered. We recommend a custom SPF (Sender Policy Framework) record. | no Suspicious emails can be filtered. We recommend a custom SPF record. |
| Supports emails sent from third-party hosted applications | Sim | Yes, we recommend updating your SPF record so third parties can submit it as your domain. | no |
| Save to Sent Items folder | Sim | no | no |
| requirements | |||
| Open network port | Port 587 or Port 25 | Puerta 25 | Puerta 25 |
| The device or application server must support TLS | necessary | Optional | Optional |
| requires authentication | Microsoft 365 or Office 365 username and password required | Neither | One or more static IP addresses. Your printer or the server running your LOB application must have a static IP address that can be used to authenticate with Microsoft 365 or Office 365. |
These are the limitations of each configuration option:
| limitations | SMTP-Client senden | drop shipping | SMTP-Relay |
|---|---|---|---|
| boundary limits | 10,000 recipients per day. 30 messages per minute. | Default throttling is in place to protect Microsoft 365 or Office 365. | Appropriate limits are set. The Service may not be used to send spam or bulk email. For more information on reasonable limits, seeHigh risk delivery group for outbound messages. |
Run diagnostics to configure apps or devices that send email with Microsoft 365
monitoring
This feature requires a Microsoft 365 admin account.
If you still need help setting up apps or devices that send email with Microsoft 365 or need help troubleshooting apps or devices that send email with Microsoft 365, run an automated diagnosis.
To run the diagnostic check, select the following button:
A flyout will open in the Microsoft 365 admin center. Select the appropriate option you're looking for, e.g. new configuration or troubleshooting an existing configuration.
Use your own email server to send emails from apps and multifunction devices
If you have an on-premises email server, you should definitely use that server for the SMTP relay instead of Microsoft 365 or Office 365 applications. in your local network. Setup details depend on your local email server. For information about Exchange Server, see the following articles:
- Allow anonymous relay on Exchange servers
- Receive messages from a non-Exchange server, service, or device
related posts
Fix issues with printers, scanners, and LOB apps that send email through Microsoft 365 or Office 365
Configure connectors to route email between Microsoft 365 or Office 365 and your own email servers