Here I can show you how you would setup a device or an application to send email via office 365 as an SMTP relay.
As an example: You have a scanner, and you want to email scanned documents to yourself or someone else. or you have a line-of-business (LOB) application that handles invoicing, like QuickBooks, and you want to configure it to use an Billing account setup as an Office 365 mailbox.
Option 1: Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP client submission
This option supports most usage scenarios and it’s the easiest to set up. Choose this option when:
- You want to send email from a third-party hosted application, service, or device.
- You want to send email to people inside and outside your organization.
To configure your device or application, connect directly to Office 365 using the SMTP client submission endpoint smtp.office365.com.
Each device/application must be able to authenticate with Office 365. It can have its own sender address, or all devices can use one address, such as [email protected].
How to set up SMTP client submission
Enter the following settings directly on your device or in the application as their guide instructs (it might use different terminology than this article). As long as your scenario meets the requirements for SMTP client submission, the following settings will enable you to send email from your device or application.
| Device or Application setting | Value |
|---|---|
| Server/smart host | smtp.office365.com |
| Port | Port 587 (recommended) or port 25 |
| TLS/ StartTLS | Enabled |
| Username/email address and password | Enter the sign in credentials of the hosted mailbox being used |
Option 2: Send mail directly from your printer or application to Office 365 (direct send)
Choose this option when:
- SMTP client submission (Option 1) is not compatible with your business needs or with your device. For example, your device or application does not meet the requirements of SMTP client submission, such as TLS support.
- You only need to send messages to recipients in your own organization who have with mailboxes in Office 365; you don’t need to send email to people outside of your organization.
Other scenarios when direct send may be your best choice:
- You want your device or application to send from each user’s email address and do not want each user’s mailbox credentials configured to use SMTP client submission. Direct send allows each user in your organization to send email using their own address. Avoid using a single mailbox with Send As permissions for all your users. This method is not supported because of complexity and potential issues.
- You want to send bulk email or newsletters. Office 365 does not allow you to do this via SMTP client submission. Direct send allows you to send a high volume of messages. Note that there is a risk of your email being marked as spam by Office 365. You might want to enlist the help of a bulk email provider to assist you. For example, they’ll help you adhere to best practices, and can help ensure that your domains and IP addresses are not blocked by others on the Internet.
Settings for direct send
Enter the following settings on the device or in the application directly.
| Device or application setting | Value |
|---|---|
| Server/smart host | Your MX endpoint, for example, xxxxx.mail.protection.outlook.com |
| Port | Port 25 |
| TLS/StartTLS | Enabled |
| Email address | Any email address for one of your Microsoft 365 or Office 365 accepted domains. This email address does not need to have a mailbox. |
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:
| DNS entry | Value |
|---|---|
| SPF | v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all |
Option 3: Configure a connector to send mail using Office 365 SMTP relay
This option is more difficult to implement than the others. Only choose this option when:
- SMTP client submission (Option 1) is not compatible with your business needs or with your device
- You can’t use direct send (Option 2) because you must send email to external recipients.
SMTP relay lets Office 365 relay emails on your behalf by using your public IP address (or a certificate) to authenticate Office 365. To do this, you’ll need to set up a connector for your Office 365 account, which is what makes this a more complicated configuration.
Settings for Microsoft 365 or Office 365 SMTP relay
| Device or application setting | Value |
|---|---|
| Server/smart host | Your MX endpoint, e.g. yourdomain-com.mail.protection.outlook.com |
| Port | Port 25 |
| TLS/StartTLS | Enabled |
| Email address | Any email address in one of your Microsoft 365 or Office 365 verified domains. This email address does not need a mailbox. |
If you already have a connector that’s configured to deliver messages from your on-premises organization to Microsoft 365 or Office 365 (for example, a hybrid environment), you probably don’t need to create a dedicated connector for Microsoft 365 or Office 365 SMTP relay. If you need to create a connector, use the following settings to support this scenario:
| Connector setting | Value |
|---|---|
| From | Your organization’s email server |
| To | Microsoft 365 or Office 365 |
| Domain restrictions: IP address/range | Your on-premises IP address or address range that the device or application will use to connect to Microsoft 365 or Office 365 |
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:
| DNS entry | Value |
|---|---|
| SPF | v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all |
Compare the options
Here’s a comparison of each configuration option and the features they support.
| SMTP client submission | Direct send | SMTP relay | |
|---|---|---|---|
| Features | |||
| Send to recipients in your domain(s) | Yes | Yes | Yes |
| Relay to Internet via Office 365 | Yes | No. Direct delivery only. | Yes |
| Bypasses antispam | Yes, if the mail is destined for an Office 365 mailbox. | No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record. | No. Suspicious emails might be filtered. We recommend a custom SPF record. |
| Supports mail sent from applications hosted by a third party | Yes | No | No |
| Open network port | Port 587 or port 25 | Port 25 | Port 25 |
| Device or application server must support TLS | Required | Optional | Optional |
| Requires authentication | Office 365 user name and password required | None | One or more static IP addresses. Your printer or the server running your LOB app must have a static IP address to use for authentication with Office 365. |
| Throttling limits | 10,000 recipients per day. 30 messages per minute. | Standard throttling is in place to protect Office 365. | Reasonable limits are imposed. The service can’t be used to send spam or bulk mail. |
