Email query
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
Lots of reasons, all around security and stopping spam, none of these are 100%, but most are like 95% true and with the overlap, it's nearly 100% that it would cause an issue:
- Port 25 is not always used any longer, it's one of three main ports.
- TLS is often required.
- SPF records are sometimes required.
- Reverse lookups almost always need to work.
And more. Accepting email from "just anywhere" isn't done any longer. At a minimum most sites need to be set up as the official email system for the domain in question. Getting email to the big boys that represent most of the market (MS, Google, etc.) is even harder.
-
If you don't have all of these things, then some systems will allow you to connect as an authenticated user, if you have an account on that system, which is what we are trying to do here. But the issue is that the proprietary software doesn't allow for the user to log in on the email system so that doesn't work.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
-
Then you could use a different domain address.
-
@JaredBusch said in Email query:
I guess you could actually just create an anonymous receive connector in Office 365 and restrict it to your public IP.
- Sign in to Office 365
- Go to Exchange Admin
- Select Mail Flow
- Select Connectors.
- Click the Plus
- These options to get past the stupidity filter
- Name it
- Click the second radio button to require an IP and click the plus.
- Enter your public subnet for the office
- Click next
- Verify and click save
- There you go.
- Set said shitty app to use FQDN.mail.protection.outlook.com for the SMTP server
- mine would be bundystl-com.mail.protection.outlook.com
-
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
-
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
Yes, if you have a static IP address.
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, one that you are going to be an authoritative email host for.
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
-
@JaredBusch said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
Very nice bro!
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
Well first, you will have to have a second domain that is not controlled by Office 365.
Then you have to make an SPF on said second domain.
Then you have to train users not to ignore it as spam. -
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
Yup, same reasons that we say to not run your own in house email servers in general. Some people get lucky and it just works. Others can never get reliable email delivery. Tons of IP addresses like most cloud hosts and most normal connections are black listed by the big carriers to avoid spam. So sometimes nothing you do as a small email player matter. Other times, it just works. You take your chances.
-
@Dashrender said in Email query:
@JaredBusch said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
Very nice bro!
Added the last step for the SMTP address. missed that initially.
-
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
I guess what I'm talking about is Direct Send. Microsoft used to recommend this approach with O365. Are you all saying this is no longer supported, or it is just very unreliable?
-
Note, making a connector in Office 365 is subject to limiters that accept only so many messages in a specified time frame, and also a total cap per day.
It is not a recommended way of handling a mail relay.
It will work fine for @bishnitro's needs though as they are listed as internal only, and I assume low use.
-
@Carnival-Boy said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
I guess what I'm talking about is Direct Send. Microsoft used to recommend this approach with O365. Are you all saying this is no longer supported, or it is just very unreliable?
So I just used google to check. Direct send is simply setting an SPF record and hoping that Office 365 chooses not to block it. Note their own instructions only say, may help.
-
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
-
@Carnival-Boy said in Email query:
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
But all of that could be ignored if the crazy application just supported modern email technologies, i.e. username/password for SMTP
-
@Carnival-Boy said in Email query:
Yeah, they also say:
Limitations of direct send
Your messages will be subject to antispam checks.
Sent mail might be disrupted if your IP addresses are blocked by a spam list.
Office 365 uses throttling policies to protect the performance of the service.I'm making the assumption that IP address isn't blocked by a spam list and that throttling policies won't feature. Normal antispam checks can be mitigated by whitelisting the domain and adding an SPF record.
You cannot whitelist the domain. it is already your domain. That is how direct send works.. It will still block it if they want.
