I'm trying to follow Microsoft's advice on disabling Direct Send in our Exchange Online environment. We implemented their recommended commands but have come across several incoming messages that can't be filtered because they appear to be sent via Direct Send. Our goal is to prevent these from causing issues for our end users. The problem we're facing involves using Paubox for email. Despite using their API for sending messages, any email received at one of our addresses from them comes directly through our tenant and gets blocked since Direct Send is set to reject mode. Has anyone else dealt with this issue and can offer advice on how to fix it? All our DNS records are correctly configured for routing messages, so I'm puzzled about what's going wrong.
5 Answers
Another option is to allow Direct Send but create an inbound connector that secures it, either by IP address or certificate. That way, you could still keep some security in place.
To effectively disable Direct Send, you might need to set up an inbound connector that's configured to accept emails from Paubox's IPs and marked as trusted. Currently, since their SPF and DKIM records are set up in your DNS, it's likely that their emails are trying to relay through your published MX records, which isn't working correctly with Direct Send disabled. Setting the connector should allow proper delivery.
Have you considered creating an inbound connector specifically for Paubox? This way, you can designate their IP addresses as trusted, allowing their messages to be treated as internal without triggering the Direct Send rejection. This should help with the situation you're facing.
I tried creating a connector before, but it didn't work out. I wonder if the command I used to disable Direct Send is causing issues. I'll give it another shot though.
Have you tried reaching out to Paubox's support team about this? This must be a common issue as many others are likely dealing with the Direct Send changes too.
We have, but they keep saying it's something on our end and that they don’t send via Direct Send.
I'm not sure why you linked that Google share instead of the direct Microsoft Tech Community link. It would have saved some time for others trying to follow along!
Thanks for the suggestion! I'll test this out and see if it resolves the issue.