Office 365 Outbound Email Filtering

This topic outlines the steps to configure outbound mail routing from Office 365 through Cyren.

Prerequisites

By default, emails sent from Office 365 are DKIM signed, using the default domain:

[Customer].onmicrosoft.com

Cyren uses this information to validate the outbound email originated from the sender, and accepts the mail for outbound delivery.

The most reliable way a customer can check that this default DKIM signature is in place, is by inspecting a delivered outbound email, and ensuring that the d= field on the DKIM signature represents [Customer].onmicrosoft.com 

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=[Customer].onmicrosoft.com; s=selector1-company-tld;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

Cyren Cloud Security Configuration

In Settings > Account take a note of your Customer ID (657nnn) in this instance.

In Settings>Email Services>Security>Outgoing Email Hosts add an email host in the following format: 

127.65.7n.nn

Office 365 Configuration Steps

From the Office 365 Exchange Admin Center:

1. Select Mail Flow>Connectors, and add a new Connector.
2. Set From: to Office 365, and To: to Partner Organization, click Next.
   
   

3. Type in a connector name in the *Name field, for example, Outbound Cyren Connector.

   It is mandatory to check the Turn it on checkbox.

   

4. Select Only when email messages are sent to these domains and add an * to the domain list, and click Next.
   
   

5. Select Route through these email smart hosts, and add relay.expurgate.net to the list, and click Next.
   
   

6. Select ‘Always use TLS’, and select ‘Issued by a trusted certificate authority (CA)’, click Next, and once again Next.
   
   

7. In the Validate screen, add an external email address and click Validate.