Configuring the sender domain as an accepted domain
Applies to: Exchange Online, Exchange Online Protection
In order to verify that a message is indeed sent from your own email server (also called an on-premises server) and that the message sender is truly from your organization, Office 365 requires you to create a connector. You can create this connector by choosing the mail flow direction From as Your email server and To as Office 365. This is necessary because SMTP does not protect a sender domain, which can be spoofed. In addition, Office 365 also verifies that the sender domain is an accepted domain for your organization before accepting messages from your own email server. To help you achieve this, the connector will verify the domain that email messages are coming from after you choose a setting on the How should Office 365 identify email from your email server? page.
Accepted domains and mail flow
A connector can help you control the flow of messages, but this is not the only setting that lets people receive email. There are several other setup steps required in order to allow users in your domain to successfully send and receive email. For example, the users in your domain can only send and receive email if their mailboxes are part of a domain that has been added to Office 365. A domain that you add is referred to as an accepted domain. Typically the Admin would use the Office 365 setup wizard to add a domain, verify ownership, and set up Office 365 services. You can also check which domain is an accepted domain at the Manage domains page from the Office 365 admin center. For the purposes of this connector, use an accepted domain on the How should Office 365 identify email from your email server? page. You can learn more about accepted domains at Manage Accepted Domains in EOP.
How Office 365 identifies your email server
If you choose to verify the subject name on a digital certificate, then this connector will check whether the subject name in the sending server's digital certificate matches the domain name that you provide during connector setup. For more information, see Identifying email from your email server. If you choose to verify the IP address of the sending server, then this connector will check whether the sending IP address matches an address that you provide. If any of your conditions are not met by an incoming message, it is rejected.