Microsoft has announced that it will soon update its Exchange Online SMTP relay requirements to improve security and reliability. The changes will affect customers who use SMTP relay to send emails from devices or applications that are not compatible with Microsoft 365 or Office 365.
SMTP (Simple Mail Transfer Protocol) relay is a service that allows devices or applications to send emails through an email server without requiring authentication. This is useful for scenarios such as sending notifications from printers, scanners, fax machines, or web applications.
The new requirements will remove the matching condition for the SMTP P2 sender domain. This means that organizations will be able to relay email through Exchange Online even if the SMTP P2 sender domain does not match the domain of the sending server. However, the SMTP HELO/EHLO domain and the SMTP client must still be authenticated.
Microsoft has stated that the update is being made to improve security and to prevent unauthorized access to Exchange Online. The company has also said that the update will not affect most organizations. However, organizations that rely on SMTP relay for non-delivery reports (NDRs) or other services may need to make changes to their configurations.
Updating Exchange Online SMTP Requirements
“Current Requirements
- Any of the following is an accepted domain of your organization:
– SMTP certificate domain on the SMTP connection; or
– SMTP envelope sender domain in the MAIL FROM command (P1 sender domain); or
– SMTP header sender domain, as shown in email clients (P2 sender domain).
- The sending host's IP address or the certificate domain on the SMTP connection matches your tenant's Inbound Connector of OnPremises type.
New Requirements
On November 1, 2023, we are removing the matching condition for the SMTP P2 sender domain (1c above). After we remove this condition, relaying email through Exchange Online will require the following:
- Any of the following is an accepted domain of your organization:
– SMTP certificate domain on the SMTP connection; or
– SMTP envelope sender domain in the MAIL FROM command (P1 sender domain).
- The sending host's IP address or certificate domain on the SMTP connection matches your organization's Inbound Connector of OnPremises type.
After November 1, 2023, if either of the above conditions are not met, the relay attempt from your on-premises environment to Exchange Online will be rejected.”
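The quoted conditions can be run as a pre-deadline audit that flags senders which relay today only because of the P2 match. This is an added example, not Microsoft's code: the class and function names, domains and IP addresses are constructed, and domain matching is simplified to an exact, case-insensitive comparison.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Tenant:                      # all values below are constructed samples
    accepted_domains: set          # accepted domains, lowercase
    connector_networks: list       # IP ranges on the OnPremises inbound connector
    connector_cert_domains: set    # certificate domains on that connector

@dataclass
class Relay:
    source_ip: str
    cert_domain: Optional[str]     # None if the client presents no certificate
    p1_sender: str                 # envelope sender from MAIL FROM
    p2_sender: str                 # header From shown in email clients

def domain_of(address: str) -> str:
    # "<>" (the empty envelope sender used by NDRs) yields "", which never matches
    return address.strip("<> ").rpartition("@")[2].lower()

def connector_match(t: Tenant, r: Relay) -> bool:
    ip_ok = any(ip_address(r.source_ip) in ip_network(n) for n in t.connector_networks)
    cert_ok = (r.cert_domain or "").lower() in t.connector_cert_domains
    return ip_ok or cert_ok

def domain_match(t: Tenant, r: Relay, allow_p2: bool) -> bool:
    candidates = {(r.cert_domain or "").lower(), domain_of(r.p1_sender)}
    if allow_p2:                   # condition 1c, removed on November 1, 2023
        candidates.add(domain_of(r.p2_sender))
    return bool(candidates & t.accepted_domains)

def audit(t: Tenant, r: Relay) -> str:
    if not connector_match(t, r):
        return "rejected-today"
    if domain_match(t, r, allow_p2=False):
        return "ok"
    if domain_match(t, r, allow_p2=True):
        return "breaks-2023-11-01"   # relays today only because of the P2 match
    return "rejected-today"

TENANT = Tenant({"contoso.example"}, ["203.0.113.0/24"], {"mail.contoso.example"})
SENDERS = {
    "scanner": Relay("203.0.113.10", None, "scanner@contoso.example", "scanner@contoso.example"),
    "web-app": Relay("203.0.113.20", None, "bounce@mailer.example", "alerts@contoso.example"),
    "ndr":     Relay("203.0.113.30", None, "<>", "postmaster@contoso.example"),
    "unknown": Relay("198.51.100.7", None, "a@contoso.example", "a@contoso.example"),
}

if __name__ == "__main__":
    for name, relay in SENDERS.items():
        print(f"{name:8} {audit(TENANT, relay)}")
```

Senders reported as `breaks-2023-11-01` need an accepted domain in MAIL FROM or on the connection's certificate before the deadline.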
Changes Coming in the Fall, Microsoft Urges Organizations to Prepare
These changes will take effect on November 1, 2023. Customers who do not comply with the new requirements by then will not be able to send emails using Exchange Online SMTP relay. Microsoft recommends that customers test their devices and applications for compatibility and update them if needed before the deadline.
Microsoft also provides some alternatives for customers who cannot use Exchange Online SMTP relay, such as using Microsoft Graph APIs, direct send, or authenticated client submission. The update to the Exchange Online SMTP relay requirements is a security measure that is designed to protect your organization's email system.