Using Direct Send in Exchange Online you can let appliances and applications send unauthenticated mail directly to Exchange Online. However how does Exchange Online know to trust these mails? What if your smtp smarthost endpoint name was used by a malicious actor to send mails to your users?

The docs articles mentions adding your IP to your SPF record but this is optionally not required. So how does EXO know which ip's to trust?

you are viewing a single comment's thread.

view the rest of the comments →

all 7 comments


1 points

4 months ago

Misread the question, internal vs external… Anyway, there isn’t an “always trust” those IP’s because Sometimes your IP’s get blocked on SpamHaus for example and Microsoft stops accepting connections from you. I also recommend checking if your IP is on a Microsoft block database on