Configure Microsoft 365 with MailSafi
Incoming filtering
Basic steps to protect your domain:
1. Add a domain via the MailSafi web interface, ensure the destination route is set to the
2. Add a rule to Microsoft 365 to ensure email from the filtering servers is always accepted and not wrongly classified as spam.
3. Change the MX records of the domain in the DNS to point to the MailSafi provided MX record hostnames.
IP based rule to always accept from the filtering servers
In your Microsoft 365 environment, you can create a partner connector and rule to bypass the local spam filtering for the filtering IPs.
1. Log in to the Exchange Admin Center.
2. Click on mail flow > connectors.
3. Click the + (plus sign).
4. Choose Partner organization as the From and Microsoft 365 as the To, then click Next.
5. Give the connector a name, then click Next.
6. Choose Use the sender's IP address then click Next.
7. Add the MailSafi IPs
8. Ensure that Reject email messages if they aren't sent over TLS is ticked and click Next.
9. Verify the settings and click Save.
10. Click on Mail flow > Rules.
11. Under Rules, click on the + (plus button) and choose Bypass spam filtering..
12. Enter a rule name (e.g. Disable filtering for MailSafi).
13. Choose Apply this rule if... > Senders IP Address is in any of these ranges or exactly matches...
14. Add the MailSafi delivery IPs
15. Ensure that Do the following... is set to: Modify the message properties > Set the spam confidence level (SCL) > Bypass spam filtering.
16. Click OK.
17. Click SAVE.
Spam filtering will no longer apply to the filtering servers, avoiding Microsoft 365 to wrongly mark legitimate emails as spam (e.g. because SPF would fail).
Our status page allows you to subscribe to receive a notification of the email address pool changes (not relevant when your service supports an IP range).
X Header based rule to accept email from the filtering servers
The disadvantage of this method is that spammers could technically spoof the header, hence bypassing the build-in filtering. The advantage is that no IP addresses are required to be kept up-to-date
1. Login to the Microsoft 365 "Exchange admin center".
2. In the Dashboard, select Rules in the Mail Flow section
3. Under Rules, click the + button and choose Create a new rule...
4. Enter a Name for your rule, e.g. 'MailSafi spamfilter bypass'.
5. Click More Options.
6. Create Rule "A message header includes"X-Recommended-Action" header includes >> contains "accept".
7. Click +.
8. Click OK.
9. In the "Do the following" part, select "Modify the message properties" > "Set the spam confidence level (SCL)" > "Specify SCL" > "Bypass spam filtering".
10. Click OK.
