
Setting up “Connector Based” Delivery of Emails from Microsoft 365 Using MX Records


Email is a primary service for any organization, irrespective of its business domain and size. Service providers like Microsoft, Google, Zoho etc. are constantly upgrading their systems to meet customer requirements. You may need to combine more than one service provider to meet your company's needs. The best way to do this is to configure split delivery.

What is a “Split Delivery”?

Split delivery, as the name suggests, divides the email service for one single domain (or its subdomains) across multiple service providers. In simple words, one service receives the mail for the domain and re-routes some of it to the other services. For example, assume that your organization uses Microsoft 365 as its primary email service. Now you plan to set up Google Workspace or any other email platform for a certain number of users, keeping the Microsoft 365 service intact for the existing users and without creating any account in Microsoft 365 for the new users. You can achieve this using the “Split Delivery” mechanism.

How does it work?

When an email is sent to one of your addresses, the sending server performs an MX lookup in DNS to find the destination server. That server then decides where the email should land. Suppose you have 50 users in Microsoft 365 and 20 users in Google Workspace, but the MX record in the DNS panel points to Microsoft 365. Every email will therefore arrive at the Microsoft server first. If the recipient address is not part of the Microsoft 365 service, the email will bounce back. To avoid this, we have to instruct the Exchange server that if it does not find the user locally, it should send the email through a connector that contains the MX of the other server (in our case Google Workspace). The Exchange server will then redirect the email through the connector to the second service provider, and the second service provider will deliver it to the destination mailbox (if available).

Prerequisite for the setup:

  1. Make sure that the DNS panel is configured correctly with Microsoft 365 records.
  2. Merge the SPF records of the secondary service provider with Microsoft 365 SPF records.
  3. Make sure that the users do not exist under the Microsoft 365 service (including alias addresses, Microsoft 365 Groups and distribution lists). The SMTP address (email address) must not exist in the Microsoft 365 tenant.

Precautions that need to be taken for the second service provider:

  1. Please note down the MX records of the secondary service providers.
  2. Make sure that the service provider supports TLS.
  3. If you want to set up an on-prem server, then use an IP address with TLS and make sure that your ISP supports ports 465, 993, 995, 587, 25 and 143.

Set-up procedure:

  • Log in to the Microsoft admin portal (admin.microsoft.com) and select Exchange in the left-hand panel.

  • In the Exchange Admin Center, select “Mail Flow” in the left-hand menu. Now select the “Accepted Domains” tab and double-click your primary domain name.

 

  

  • In the pop-up window, set the domain as Internal relay. This will ensure that the email is delivered to recipients in this Exchange organization or relayed to an email server at another physical or logical location.
    • If you have a subdomain that is not listed under the Microsoft 365 tenant but you want to set up email delivery for it, then check the “Accept mail for all subdomains” option. Selecting this option means that your organization will accept email for all subdomains of this accepted domain. For example, mail will be accepted for abc@mail.infiflexglobal.com, which is on a subdomain of infiflexglobal.com. Don't select this option if all domains (including subdomains) for your organization are already provisioned.

  • Now that we have changed the domain type from Authoritative to Internal Relay, it's time to set up the connector between the two services. Go to the Connectors tab under the Mail Flow menu and select the “+” sign to add a new connector.

  • In the pop-up window, select the flow condition of the emails. “From” will be Microsoft 365 and “To” will be set to “Your organization’s email server”. Click Next to proceed.

  

  • Now name the connector for identification with a small description (optional) and make sure the two options under “What do you want to do after the connector is saved?”, i.e. “Turn it on” and “Retain internal Exchange email headers (recommended)”, are checked. Proceed further by clicking on Next.

  • In the next screen, select the option “Only when email messages are sent to these domains” and click on the “+” to add the domain name. Click OK, then Next to proceed.

 

  • Now that we have entered the domain name for which we need to set up the split delivery, we need to enter the smart host for the delivery of the mails to the secondary service. We can specify one or more smart hosts to which Microsoft 365 will deliver email messages. A smart host is an alternative server and can be identified by using a fully qualified domain name (FQDN), MX record or an IP address. Here we will enter the priority 1 MX record of Google Workspace. If you are using any other service, then enter the record with the lowest priority value. You can find the Google Workspace MX records at the link below:
    • https://support.google.com/a/answer/140034?hl=en

  • Keep the TLS enabled as default and proceed by clicking next.

  • Now have an overview of the setup and proceed further by clicking next.

 

  • Now to test the connector, Exchange admin connector setup will ask for an email id for a Google Workspace mailbox (Secondary service mailbox). Please make sure the email id that you enter is not a part of any Exchange mailbox.

 

  • The connector setup will now perform a test delivery of an email to the entered email address to check and finalize the setup.

 

  • On success it will show the screen below. Click on Save to save the connector setup.

  • On successful validation you will receive an email in your mailbox of the secondary service.
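
The portal steps above can also be applied from Exchange Online PowerShell. This is an added example, not part of the original article: the domain, smart host, test recipient and connector name are placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: every value below is a placeholder, not taken from the article.
$Domain        = 'example.com'                    # accepted domain being split
$SmartHost     = 'mx.secondary-provider.example'  # top-priority MX of the second provider
$TestRecipient = 'user.on.secondary@example.com'  # mailbox that exists only on the second provider
$ConnectorName = 'Split delivery to secondary provider'

Connect-ExchangeOnline

# Prerequisite 3: the address must not resolve to anything in the tenant
# (mailbox, alias, Microsoft 365 group or distribution list).
$existing = Get-Recipient -Identity $TestRecipient -ErrorAction SilentlyContinue
if ($existing) {
    throw "$TestRecipient exists in Exchange Online as $($existing.RecipientTypeDetails); mail would be delivered locally, not relayed."
}

# Authoritative -> Internal Relay, so unknown recipients are relayed instead of bounced.
# Add -MatchSubDomains $true only if mail for unprovisioned subdomains must be accepted too.
Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay

# Connector from Microsoft 365 to "Your organization's email server", limited to
# this one domain and pinned to the smart host instead of a public MX lookup.
# TLS stays mandatory and the smart host's certificate must chain to a trusted CA.
New-OutboundConnector -Name $ConnectorName `
    -ConnectorType OnPremises `
    -RecipientDomains $Domain `
    -UseMXRecord $false `
    -SmartHosts $SmartHost `
    -TlsSettings CertificateValidation `
    -Enabled $true

# Same test the wizard runs: a probe message to a mailbox on the second provider.
Validate-OutboundConnector -Identity $ConnectorName -Recipients $TestRecipient

# Read the settings back so the change can be reviewed or recorded.
Get-AcceptedDomain -Identity $Domain |
    Format-List Name, DomainType, MatchSubDomains
Get-OutboundConnector -Identity $ConnectorName |
    Format-List Name, Enabled, RecipientDomains, SmartHosts, TlsSettings
```

Scoping the connector to the single recipient domain keeps all other outbound mail on its normal route.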

 

Please note that after setting up the connector, Exchange servers might take up to 12 hours to hydrate it. Until the hydration process is complete, the connector will not perform any task. To force the changes or accelerate the hydration of the changes that were made, you can use PowerShell to connect to Exchange Online and run the following command:

Enable-OrganizationCustomization

Now that we have made the configuration, let us check whether the delivery is working or not.

 

If you face any bounce back error during delivery of the emails, then check the following:

If the error states that the user is not found under recipient domain:

  1. Make sure you have converted the domain as Internal Relay from Authoritative.
  2. Make sure the connector is turned on.

If you get the error message stating “Your message wasn't delivered because the recipient's email provider rejected it.”:

  1. Check the policy of the DMARC record that is associated with your sending domain. If the policy is “reject”, then change it to “none”.
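
Prerequisite 2 (merging the SPF records) and the DMARC check above, as an added example that is not from the original article: `Merge-SpfRecord` combines the providers' SPF strings into the single record a domain may publish, keeping the strictest `all` qualifier (a choice made by this example), and the last lines read back the live SPF and DMARC records. The sample records and `example.com` are constructed inputs; `Resolve-DnsName` requires Windows.

```powershell
# Added example; the sample records and the domain are constructed inputs.
function Merge-SpfRecord {
    param([Parameter(Mandatory)][string[]]$Record)
    $rank      = @{ '+' = 0; '?' = 1; '~' = 2; '-' = 3 }   # weakest to strictest
    $terms     = [System.Collections.Generic.List[string]]::new()
    $qualifier = $null
    foreach ($r in $Record) {
        $parts = $r.Trim() -split '\s+'
        if ($parts[0] -ne 'v=spf1') { throw "Not an SPF record: $r" }
        foreach ($p in ($parts | Select-Object -Skip 1)) {
            if ($p -match '^([-~?+]?)all$') {
                # Remember only the strictest "all" seen across the inputs.
                $q = if ($Matches[1]) { $Matches[1] } else { '+' }
                if ($null -eq $qualifier -or $rank[$q] -gt $rank[$qualifier]) { $qualifier = $q }
            } elseif (-not $terms.Contains($p)) {
                $terms.Add($p)   # keep each mechanism once, in first-seen order
            }
        }
    }
    $out = @('v=spf1') + $terms.ToArray()
    if ($qualifier) { $out += "${qualifier}all" }
    $out -join ' '
}

function Get-TxtRecord {
    param([Parameter(Mandatory)][string]$Name)
    # TXT data can be split into several strings; join them back together.
    Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' }
}

# Record to publish: one TXT value that covers both providers.
Merge-SpfRecord -Record 'v=spf1 include:spf.protection.outlook.com -all',
                        'v=spf1 include:_spf.google.com ~all'

$Domain = 'example.com'   # placeholder: your split-delivery domain
$spf = @(Get-TxtRecord $Domain | Where-Object { $_ -like 'v=spf1*' })
if ($spf.Count -ne 1) {
    Write-Warning "$Domain publishes $($spf.Count) SPF records; exactly one is required."
}

$dmarc = Get-TxtRecord "_dmarc.$Domain" |
    Where-Object { $_ -like 'v=DMARC1*' } | Select-Object -First 1
if ($dmarc -match '(?:^|;)\s*p=(\w+)') {
    "DMARC policy for ${Domain}: $($Matches[1])"
} else {
    Write-Warning "No DMARC policy found for $Domain."
}
```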


