Just a quick post on SPF and DMARC for a domain that's not used for email. In this scenario, mail will never be sent out by any mail server. If someone does send out email from the domain, it is most likely malicious and can be ignored.
You can add the following records to your DNS:
Receiving mail servers that check SPF and DMARC will see that the message is not valid and will reject it.
After building a hybrid Exchange environment as outlined in a couple of previous blog posts, we have an Exchange 2013/2016 environment where some mailboxes exist on-premises and some exist in Exchange Online. Autodiscover is still pointing to the on-premises environment, and so are the MX records. Inbound SMTP mail flow from the Internet still reaches the on-premises Exchange 2016 Edge Transport servers before being delivered to the intended recipients.
Figure 1. The Exchange hybrid environment with mailboxes on-premises and in Exchange Online.