0

I currently have a customer (COMPANY) who has to (by contract) use the IMAP mailboxes provided by their business partner (PARTNER). On the other hand, they want to use MS Exchange (which PARTNER does not offer) via the Office 365 business essentials product.

So the basic and obvious idea was to ask PARTNER to forward their mail (sent to user@partner.com) to COMPANY's own addresses (user@company.com) instead of storing it in the IMAP mailboxes previously mentioned.

The problem seems to be on the outgoing side. I have looked into this in a test setup a little and I don't see any way to either

  • configure Exchange so it accepts and sends outgoing mail with the user@company.com mail address (I'm receiving a delivery failure notification indicating I don't have permission to "send via the specified user").
  • configure Outlook clients so they send outgoing mail via partner.com 's MX server instead of via it's own infrastructure (there's no such setting).

So (how) can this be done at all?

COMPANY has full DNS control for company.com but of course not for partner.com.

Michael Jaros
  • 103
  • 3

1 Answers1

1

There is no simple answer to this question and I don't think you will be able to work in the way that you want with Office365.

At its most basic, you want to spoof the other domain. That isn't something that is acceptable behaviour - most spam is spoofed and if the other party has their domain setup correctly they should have spoofing mechanisms blocked.

You could ask them to add in the Office365 servers to their SPF records, but they are probably unlikely to want to do that.

If this was your own Exchange server then you could configure Exchange to send email out as the other domain without any interaction from the primary domain (although there are very questionable ethics involved), but with Office365 this isn't going to be possible.

While you could setup a custom send connector, that will only authenticate for a single user, and still doesn't allow you to actually set the outbound domain on the accounts correctly. Therefore the email will still go out with the wrong domain.

I think you are pretty stuck, particularly if the other side doesn't want to cooperate.

Sembee
  • 2,854
  • 1
  • 7
  • 11
  • Thanks for the extensive reply. I just want to note that COMPANY is allowed to send mails from PARTNER's domain via their SMTP server anyway, and that is the only reason why I considered spoofing (for the very same user accounts) acceptable (from an ethical, not a technical point of view) in the first place. PARTNER does not have SPF or DKIM in place. As far as I can tell from outside, their IT suffer from a lack of resources. – Michael Jaros Nov 24 '17 at 13:33