Email query
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, one that you are going to be an authoritative email host for.
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
-
@JaredBusch said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
Very nice bro!
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
Well first, you will have to have a second domain that is not controlled by Office 365.
Then you have to make an SPF on said second domain.
Then you have to train users not to ignore it as spam. -
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
Yup, same reasons that we say to not run your own in house email servers in general. Some people get lucky and it just works. Others can never get reliable email delivery. Tons of IP addresses like most cloud hosts and most normal connections are black listed by the big carriers to avoid spam. So sometimes nothing you do as a small email player matter. Other times, it just works. You take your chances.
-
@Dashrender said in Email query:
@JaredBusch said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
Very nice bro!
Added the last step for the SMTP address. missed that initially.
-
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
I guess what I'm talking about is Direct Send. Microsoft used to recommend this approach with O365. Are you all saying this is no longer supported, or it is just very unreliable?
-
Note, making a connector in Office 365 is subject to limiters that accept only so many messages in a specified time frame, and also a total cap per day.
It is not a recommended way of handling a mail relay.
It will work fine for @bishnitro's needs though as they are listed as internal only, and I assume low use.
-
@Carnival-Boy said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
I guess what I'm talking about is Direct Send. Microsoft used to recommend this approach with O365. Are you all saying this is no longer supported, or it is just very unreliable?
So I just used google to check. Direct send is simply setting an SPF record and hoping that Office 365 chooses not to block it. Note their own instructions only say, may help.
-
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
-
@Carnival-Boy said in Email query:
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
But all of that could be ignored if the crazy application just supported modern email technologies, i.e. username/password for SMTP
-
@Carnival-Boy said in Email query:
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
You cannot whitelist the domain. it is already your domain. That is how direct send works.. It will still block it if they want.
-
Then use a different domain, as I suggested earlier. Or whitelist by IP address. Which is really more or less the same as your instructions for creating a connector. You're just allowing non authenticated connections to bypass any filters.
I'm not suggesting Direct Send as a solution, by the way. I'm just questioning why it would fail.
-
@Carnival-Boy different domain can help. But requires buying and maintaining another domain and records. Might be cheaper than a hosted relay but not than a local one.
-
A domain is about 10 bucks a year!
-
@Carnival-Boy said in Email query:
A domain is about 10 bucks a year!
Plus the management of it. and employee is only $10/hr, but the management and cube space and heating and cooling and benefits, etc, etc, etc... make that 10/hr person cost more like $40/hr.
-
@Carnival-Boy said in Email query:
A domain is about 10 bucks a year!
Well we pay more like $20 here. But it's less reliable, in my experience, and only supported by some systems. A relay is much more reliable and is $5/mo or $60/year. Three times the cost, if that is the only cost. But for the reliability and flexibility, I'd more likely go with the relay. And if you run the relay in house, it's free.
-
@scottalanmiller said in Email query:
And if you run the relay in house, it's free.
Hardly free. Roughly how much would you expect an MSP to charge to install, manage, support and patch an on-premise mail relay?
I'm still not sure about the purpose of using a relay. You still have to create a connector in O365 to accept mail from the relay. And you still need to put restrictions in, either by IP address or by a certificate on the relay. So what difference does a relay make compared with just having the application use the connector directly, as suggested by @JaredBusch? The relay seems redundant here.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
And if you run the relay in house, it's free.
Hardly free. Roughly how much would you expect an MSP to charge to install, manage, support and patch an on-premise mail relay?
I'm still not sure about the purpose of using a relay. You still have to create a connector in O365 to accept mail from the relay. And you still need to put restrictions in, either by IP address or by a certificate on the relay. So what difference does a relay make compared with just having the application use the connector directly, as suggested by @JaredBusch? The relay seems redundant here.
No you don't. The relay is modern so the relay itself will support logging in Via SMTP. The only reason we're adding a relay is because the software itself does not support this function natively.
-
Oh, ok. I was just following the instructions that @JaredBusch linked to about creating a connector. So you configure Postfix to login in to O365 with a username and password? Nothing needs to be done on O365? Is that simple to do?