Exchange Online is the cloud-hosted email service in the Microsoft 365 (formerly Office 365) family. It runs on Microsoft's public cloud and provides a scalable, secure and highly available email infrastructure. One of its biggest benefits is seamless integration with Microsoft productivity tools such as Groups, Teams, SharePoint Online and OneDrive, and with advanced security services such as Microsoft Defender for Office 365 and Microsoft Sentinel.
In a nutshell, Exchange Online offers powerful email management features and can also work in tandem with an on-premises Exchange Server. Because it is a cloud service, administrators no longer need to maintain servers, build and operate a highly available setup, or host Exchange Server themselves. However, Microsoft operates under a shared responsibility model, so a number of security and monitoring tasks remain the customer's job, and some operations must still be controlled and secured by the company.
Importance of Effective Mail Flow in Exchange Online
Mail flow refers to the sending, receiving and filtering of email: internal messages, messages sent on your behalf by multi-function devices, and messages crossing network boundaries. Managing and securing mail flow is essential to ensure that messages are delivered promptly and without interruption. A properly configured mail flow ensures the following:
- Reliability: Prevent delays or disruption.
- Security: Reduce the risk of phishing, spoofing and malware-carrying messages.
- Compliance: Comply with regulations such as GDPR, NIS2 and HIPAA.
- Leak Prevention: Prevent data from being stolen and reused for further phishing or other malicious activity when mailboxes or systems are compromised.
Possible Exchange Online Mail Flow Scenarios
An Exchange Online tenant can be set up in several ways. Let's take a look at them.
Standalone Exchange Online
In a standalone Exchange Online setup, there are two options for controlling email security and filtering. Microsoft 365 can host all email services, with Microsoft tools such as Defender for Office 365 or Sentinel controlling and securing the mail. Alternatively, a third-party cloud service receives all email first, filters it for spam and malware, and passes the cleaned messages on to Exchange Online.
Hybrid Setup
In a hybrid setup, an on-premises Exchange Server can be the entry and exit point: incoming and outgoing email passes through the local server, where a local filtering system or a third-party application sanitizes it. The sanitized messages are then delivered to mailboxes that are either local (for example for archiving or audit purposes) or in Exchange Online. The reverse scenario is also possible, where incoming and outgoing email is delivered to Exchange Online first.
Other Setups
Apart from standalone Exchange Online or a hybrid setup, you should also consider third-party systems that send email on behalf of a domain hosted on a local server or in Exchange Online. Such systems include email signature services, websites, applications and services, fax machines, scanners, monitoring systems, alarms and other multi-function devices. It is important that these are secured, allowed through an Exchange Online connector, and listed in the SPF record of the domain they send as.
Best Practices to Manage Mail Flow in Exchange Online (Microsoft 365)
Let’s look at the options which could be used to manage mail flow in Exchange Online or Microsoft 365.
Domains and DNS
To understand mail flow in Exchange Online, you must understand the required DNS records and their purpose. The domain's DNS, whether hosted on Microsoft 365 or with a third-party provider, must contain the following entries for mail to flow. Other applications need other DNS records; here we discuss only the records related to mail delivery.
MX Record
The MX (Mail Exchanger) record routes email to its destination. When a sending server queries the domain to find out where to deliver a message, the MX record points it to Microsoft 365. If this record is set incorrectly or removed for any reason, no incoming email will be delivered. Here is an example of this record:
Hostname: contoso-com.mail.protection.outlook.com
Priority: 0
TTL: 1 hour
SPF Record
The SPF (Sender Policy Framework) record is a TXT record that lets receiving servers validate the origin of an email: whether the sending IP address really belongs to the company and the message came from an authorized mail server. It helps prevent impersonation and spoofing of domains and email addresses. The record lists the IP addresses and services allowed to send email on behalf of your company/domain. Here is a sample SPF record:
Hostname: @ or *
Type: TXT
Value: v=spf1 ip4:11.18.11.22 include:spf.protection.outlook.com ~all
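As an added example (not code from the article), the following Python script parses an SPF record of the shape shown above, checks a sending IP address against its literal ip4/ip6 mechanisms offline, and reports the weaknesses a defender looks for: a permissive "+all", a missing "all", the deprecated "ptr" mechanism, and more than 10 DNS-lookup terms. The sample record is constructed from the article's example (11.18.11.22 is the article's placeholder address), and "include:" terms are deliberately not resolved, so any outcome that depends on them is reported as unresolved rather than guessed.

```python
import ipaddress

# Constructed sample modelled on the record shown above; 11.18.11.22 is the
# article's placeholder address, not a real mail server.
SAMPLE_SPF = "v=spf1 ip4:11.18.11.22 include:spf.protection.outlook.com ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost the receiver a DNS lookup; RFC 7208 allows at most 10 per record.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record):
    """Split an SPF TXT value into (qualifier, term, value) triples.

    Mechanisms look like [qualifier]name[:value]; modifiers look like name=value.
    Raises ValueError when the record does not start with v=spf1.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:                      # modifier, e.g. redirect=_spf.example
            name, _, value = term.partition("=")
        else:                                # mechanism, e.g. ip4:192.0.2.0/24
            name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def check_literal_ip(record, sender_ip):
    """Evaluate the record's ip4/ip6 mechanisms against sender_ip, without DNS.

    SPF stops at the first matching mechanism, so when a DNS-dependent term
    (include, a, mx, exists, ptr, redirect) appears before any literal match the
    outcome cannot be decided offline and 'unresolved' is returned. Otherwise the
    result is the matching mechanism's qualifier, or that of the trailing 'all'.
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
        elif name in LOOKUP_TERMS:
            return "unresolved"
    return "neutral"  # RFC 7208: no match and no 'all' yields neutral


def audit_spf(record):
    """Return findings a defender should act on; an empty list means no concerns."""
    terms = parse_spf(record)
    findings = []
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10; receivers return permerror")
    all_qualifiers = [q for q, name, _ in terms if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in terms)
    if not all_qualifiers and not has_redirect:
        findings.append("no 'all' term: unlisted senders evaluate to neutral, which does not stop spoofing")
    elif all_qualifiers and all_qualifiers[0] == "+":
        findings.append("'+all' authorises any sender; use '~all' or '-all'")
    elif all_qualifiers and all_qualifiers[0] == "?":
        findings.append("'?all' is neutral; unlisted senders are neither accepted nor rejected")
    if any(name == "ptr" for _, name, _ in terms):
        findings.append("'ptr' is deprecated by RFC 7208 and should not be used")
    return findings


if __name__ == "__main__":
    for finding in audit_spf(SAMPLE_SPF) or ["no findings"]:
        print(finding)
    print(check_literal_ip(SAMPLE_SPF, "11.18.11.22"))
```

Run against the article's record, the audit returns no findings and the placeholder address passes on the ip4 term. Any other address comes back as unresolved because the include term sits before "~all"; a real check of that path has to resolve spf.protection.outlook.com, which is exactly the DNS dependency a receiver pays for at delivery time.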
DKIM Record
The DKIM (DomainKeys Identified Mail) record allows Exchange Online to attach a digital signature to the header of every outgoing message. When the message arrives, the receiving server verifies the signature against the public key published in that DNS record to determine whether the email is legitimate.
DMARC
The DMARC (Domain-based Message Authentication, Reporting and Conformance) record tells receiving servers what to do with incoming messages that fail the SPF or DKIM checks. It establishes a level of trust between source and destination and improves the domain's reputation.
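As an added example (not from the article), this Python snippet parses a DMARC record and shows how a receiving server combines the SPF and DKIM outcomes with identifier alignment to arrive at the disposition the record requests, and it audits the record for a monitoring-only policy, a missing reporting address and partial enforcement. The sample record, the contoso.com domain and the reporting address are constructed placeholders; the relaxed-alignment check is a simplification of the RFC 7489 organizational-domain comparison, as noted in the code.

```python
# Constructed sample for the placeholder domain contoso.com; the reporting
# address is invented for this example.
SAMPLE_DMARC = ("v=DMARC1; p=quarantine; sp=reject; "
                "rua=mailto:dmarc-reports@contoso.com; adkim=s; aspf=r")

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Parse a DMARC TXT value into a tag dictionary and fill in RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("p tag is required and must be none, quarantine or reject")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    tags.setdefault("adkim", "r")     # relaxed alignment unless stated
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment between the From domain and the SPF/DKIM domain.

    Strict ('s') needs an exact match. Relaxed ('r') is approximated here as
    'equal, or one is a subdomain of the other'; RFC 7489 compares
    organizational domains, which needs a public suffix list and is left out.
    """
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_evaluate(record, from_domain, spf_result, spf_domain,
                   dkim_result, dkim_domain, is_subdomain=False):
    """Combine SPF and DKIM results the way a DMARC-aware receiver does.

    The message passes when at least one of SPF or DKIM passed AND that
    identifier's domain aligns with the RFC5322.From domain. Otherwise the
    p policy (sp for subdomains) is the requested disposition. pct sampling
    is not simulated.
    """
    tags = parse_dmarc(record)
    spf_ok = (spf_result == "pass" and spf_domain is not None
              and aligned(from_domain, spf_domain, tags["aspf"]))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(from_domain, dkim_domain, tags["adkim"]))
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none",
                "aligned_by": "spf" if spf_ok else "dkim"}
    return {"dmarc": "fail",
            "disposition": tags["sp"] if is_subdomain else tags["p"],
            "aligned_by": None}


def audit_dmarc(record):
    """Return findings a defender should act on; an empty list means no concerns."""
    tags = parse_dmarc(record)
    findings = []
    if tags["p"] == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua tag: aggregate reports are not collected, so unauthorised senders go unnoticed")
    if tags["pct"] != "100":
        findings.append(f"pct={tags['pct']} applies the policy to only part of the failing mail")
    return findings


if __name__ == "__main__":
    # A message claiming to be From contoso.com whose SPF passes only for an
    # unrelated sending domain and that carries no DKIM signature.
    print(dmarc_evaluate(SAMPLE_DMARC, "contoso.com",
                         "pass", "mailer.example.net", "none", None))
    print(audit_dmarc(SAMPLE_DMARC) or "no findings")
```

The evaluation makes the point that an SPF pass alone is not enough: the domain that passed has to align with the visible From address, which is what stops a third party with a valid SPF record of its own from borrowing your domain. The audit flags p=none because it delivers spoofed mail unchanged, which is appropriate while collecting reports but not as an end state.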
Key Challenges of Exchange Online
Microsoft follows a shared responsibility model for Office 365/Microsoft 365 that defines how security and operational responsibilities are divided between Microsoft and the customer. The customer is responsible for data protection, access management, security policies, compliance and governance. Apart from that, the customer is also responsible for the integrity of the data and for the method used to migrate it from a local Exchange Server to Exchange Online.
Data Migration to Exchange Online
The success of the data migration is important for proper mail flow in Exchange Online. Using one solution for migrating user mailboxes, user archives, shared mailboxes and public folders is key to a smooth migration. For this, you can use specialized Exchange migration tools. One such tool is Stellar Migrator for Exchange, an all-in-one migration tool for migrating from a local Exchange Server to Exchange Online and vice versa, as well as for Microsoft 365 tenant-to-tenant migration. It supports all Exchange Server versions and the different migration methods, be it cutover, staged or hybrid.
Conclusion
Above, we have seen how important it is to have a smooth mail flow in Exchange Online, and why the right DNS entries matter. However solid your Exchange Online setup is, incorrectly configured DNS records will affect the mail flow. We also discussed the responsibilities that a Microsoft customer must take care of and the importance of a successful migration to Exchange Online, which includes data migration, configuration and security.