O365/Exchange allow for foreign servers to be designated as internal to the environment, allowing them to bypass filtering.
The IP address of the SES endpoint would be added to the allow list as described here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-connection-filter-policy?view=o365-worldwide
Other considerations: Including SES in the customer SPF/DKIM/DMARC records. Each of these impacts whether an email sender is considered to be spoofed.
It is something to test in stages to avoid issues, but definitely not an uncommon configuration.
The accepted answer to this question may be out of date.
When you send mail from SES using your verified domain identity, the messages are DKIM signed and will pass the DMARC policy for the domain.
The question of whether Office 365 Exchange Online will honor the authentication results for a domain that is also configured within the tenant may depend on how the tenant is configured, or the behavior may have changed since this question was first asked and answered.
Please read this Microsoft article
Under section: Create allow entries for spoofed senders. "Allow entries for spoofed senders take care of intra-org, cross-org, and DMARC spoofing. Only the combination of the spoofed user and the sending infrastructure as defined in the domain pair is allowed to spoof."
Sending infrastructure can be identified by: "A verified DKIM domain"
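The answers above turn on whether SES mail is treated as spoofed, which depends on SPF/DKIM alignment with the From domain. The following check is an added example, not part of either answer or of AWS or Microsoft code. It reads the `Authentication-Results` header stamped by the receiver and reports which mechanism satisfies DMARC. The sample message, `example.com`, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers a receiver might stamp on SES mail that uses the
# default MAIL FROM domain and a DKIM signature for the verified domain.
SES_SAMPLE = (
    "Return-Path: <bounce-constructed@amazonses.com>\n"
    "Authentication-Results: mx.example.net; spf=pass (sender IP is 192.0.2.10)"
    " smtp.mailfrom=amazonses.com; dkim=pass header.d=example.com;"
    " dkim=pass header.d=amazonses.com; dmarc=pass header.from=example.com\n"
    "From: Alerts <alerts@example.com>\n"
    "To: user@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Production code
    # should use the Public Suffix List (e.g. for co.uk style suffixes).
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def dmarc_alignment(raw):
    """Evaluate relaxed DMARC identifier alignment from stamped auth results."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    results = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    spf = re.search(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=([^\s;]+)", results)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([^\s;]+)", results)
    # SPF counts for DMARC only if the envelope sender domain aligns with From.
    spf_aligned = bool(spf and spf.group(1) == "pass"
                       and org_domain(spf.group(2).rpartition("@")[2]) == from_dom)
    # DKIM counts if any passing signature's d= domain aligns with From.
    dkim_aligned = any(r == "pass" and org_domain(d) == from_dom for r, d in dkim)
    return {"from": from_dom, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc_pass": spf_aligned or dkim_aligned}

if __name__ == "__main__":
    print(dmarc_alignment(SES_SAMPLE))
```

Only trust an `Authentication-Results` header added by your own receiving system. In the sample, SPF passes but does not align, so DMARC rests entirely on the DKIM signature for the verified domain.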