Support for anonymous inbound email messages over IPv6
Exchange Online Protection (EOP) and Exchange Online support receiving anonymous inbound email messages over IPv6 communications from senders who don't send messages over Transport Layer Security (TLS). You can opt-in to receive messages over IPv6 by requesting this functionality from Microsoft Support by opening the Microsoft 365 admin center at https://admin.microsoft.com/adminportal/home, clicking Support, and then clicking New service request). If you don't opt-in to IPv6 you'll continue to receive messages over IPv4.
Senders who transmit messages to the service over IPv6 must comply with the following two requirements:
The sending IPv6 address must have a valid PTR record (reverse DNS record of the sending IPv6 address).
Meeting these requirements is mandatory regardless of your configuration prior to opting-in to IPv6. If both requirements are met, the message will go through normal email message filtering provided by the service. If one or the other isn't met, the message will be rejected with one of the following 450 responses:
450 4.7.25 Service unavailable, sending IPv6 address [2a01:111:f200:2004::240] must have reverse DNS record.
450 4.7.26 Service unavailable, message sent over IPv6 [2a01:111:f200:2004::240] must pass either SPF or DKIM validation.
If you aren't opted in to receive messages over IPv6 and the sender tries to force a message over IPv6 by manually connecting to the mail server, the message will be rejected with a 550 response that looks similar to the following:
550 5.2.1 Service unavailable, [contoso.com] does not accept email over IPv6.
For more information
Send feedback about: