Configure Inbound mail on Office 365 to reject non-EMS emails

Updated 2 years ago by admin

You should configure Office 365 to block any inbound email that does not originate from the Email Security (EMS) product, so that mail sent directly to Office 365 instead of through your MX record is rejected.

The recommended approach to this is described below.

  1. Log in to the Office 365 Admin Center, and navigate to Admin Centers and then Exchange.
  2. In the left-hand pane, click Mail Flow and then Rules.
  3. Click + and then click Create a new rule.
  4. In the New Rule page, enter a Name to represent the rule. For example, CloudUSS EMS IP restriction.
  5. Scroll down and click More options.
  6. From the Apply this rule if drop-down menu, select The Sender and then Is Located... and then Outside the organization.
  7. From the Do the following drop-down menu, select Reject the message with the Explanation...
  8. Click Enter text and enter the message that you want to include in the non-delivery report (NDR) that will be sent to the email's sender. For example:
     IP restricted, not using MX record. Please ensure your DNS is up-to-date and try sending this message again.
  9. Click Add exception.
  10. Select Sender and then Sender's IP address is in the range or exactly matches, and enter the Cloud USS IP for your cluster - Europe, United States, United Arab Emirates.
  11. Click + to add each of the IP addresses for your region.
  12. Once all the IP addresses have been added, click OK.
  13. Click on Add Exceptions to add an Or logic condition and add A message header includes... and the value X-MS-Exchange-Inbox-Rules-Loop and add your email domain name to the header content value.
  14. Scroll to the Properties of the rule section. Under Match sender address in message, select Header or Envelope.
  15. Click Stop processing more rules.
  16. Click Save.
  17. Verify that the new rule displays at the top of the list of mail flow rules. If it's not at the top, select the rule and use the Up arrow to move it.

Office 365 is now configured to block any email that does not originate from EMS.
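
The same rule can also be created and checked from Exchange Online PowerShell, which makes it repeatable and easy to audit. This is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed, and the IP ranges and domain shown are constructed placeholders that you must replace with the Cloud USS IPs for your cluster and your own email domain.

```powershell
# Added example: scripted equivalent of the mail flow rule built in the steps above.
# Assumes the ExchangeOnlineManagement module and an account allowed to manage transport rules.
Connect-ExchangeOnline

# Placeholders (constructed values): replace with the Cloud USS IPs for your
# cluster and with your own email domain before running.
$emsIpRanges = @('192.0.2.10', '198.51.100.0/24')
$mailDomain  = 'example.com'
$ruleName    = 'CloudUSS EMS IP restriction'

$ruleParams = @{
    Name                                = $ruleName
    # "The sender is located... Outside the organization"
    FromScope                           = 'NotInOrganization'
    # "Reject the message with the explanation..."
    RejectMessageReasonText             = 'IP restricted, not using MX record. Please ensure your DNS is up-to-date and try sending this message again.'
    # Exception 1: sender IP is one of the EMS addresses
    ExceptIfSenderIpRanges              = $emsIpRanges
    # Exception 2 (Or): inbox-rule loop header that includes your domain
    ExceptIfHeaderContainsMessageHeader = 'X-MS-Exchange-Inbox-Rules-Loop'
    ExceptIfHeaderContainsWords         = $mailDomain
    # "Match sender address in message: Header or Envelope"
    SenderAddressLocation               = 'HeaderOrEnvelope'
    # "Stop processing more rules"
    StopRuleProcessing                  = $true
    # Top of the rule list
    Priority                            = 0
}
New-TransportRule @ruleParams

# Verify the result: the rule should be enabled, at priority 0, with both exceptions set.
$rule = Get-TransportRule -Identity $ruleName
$rule | Format-List Name, State, Priority, FromScope, SenderAddressLocation,
    StopRuleProcessing, ExceptIfSenderIpRanges,
    ExceptIfHeaderContainsMessageHeader, ExceptIfHeaderContainsWords

# If another rule has been moved above it, put this one back at the top.
if ($rule.Priority -ne 0) {
    Set-TransportRule -Identity $ruleName -Priority 0
}
```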

