• SMTP Auth
• Direct Send
• SMTP relay

SMTP Auth

If you can deal with Modern Authentication in the form of OAuth, this option provides you with the most reliable email delivery. And you do need a licensed mailbox to send emails from.

Direct Send

Direct Send doesn’t require SMTP Auth, nor a licensed mailbox. All you need is to specify your own MX endpoint as the mail server or smart host with an unblocked Port 25, you are all set to send emails to recipients in your own organization. Adding an SPF record to avoid having the message flagged as spam is recommended but not required.

v=spf1 ip4: include:spf.protection.outlook.com ~all

SMTP Relay

If you need to send emails to external recipients, or not every device on your network has Port 25 open or allowed, SMTP Replay could be your answer. The basic setup is the same as the Direct Send but you do need to set up a Mail Flow connector first, whether it’s certificate-based or IP-based.

Obviously, an IP-based connector is much easier.

And again, SPF is highly recommended to avoid your messages being trapped in the spam folder.

Dig it a little deeper by performing a MX lookup to all these domains that we had problem sending emails to and found out that pretty much all of them have secureserver.net associated as their MX records. Meaning that emails sent to their inboxes have to go through and pass secureserver.net.

And one of the requests in order to get pass secureserver.net is that IP address of sender’s email server has to have a valid Reverse DNS entry associated. The email won’t get rejected right away if the sender’s IP address doesn’t meet this requirement. It will be delayed and put in the message queue first to give you more time to fix the issue. And if the problem is still not resolved before the message expires, an NDR email will be sent to sender.

That makes sense. We have recently changed ISP and had one new external IP address assigned to our mail server. And one thing I totally forgot is to check this Reverse DNS. Once I got my ISP to change it to what I wanted, emails started to flow to these domains again. Problem solved!

So if you relay all your emails to your ISP before they are sent out, you actually don’t need to worry about it because they all have the proper Reverse DNS entry set up to IP addresses that belong to them.

But if your email setup like ours that all emails are sent out directly from our email server, then you will have to make sure you have the proper Reverse DNS set up on the IP addresses that are responsible for sending emails. Here is the guideline from unblock.secureserver.net.

Verify that your rDNS contains a name that includes "mail", "SMTP", "relay", or "MX". For example: mail.example.com, smtp.example.com, or mx1.example.com.