Outbound Smarthost
This guide outlines how to enable Outbound Scanning from the customer portal.
This is only available for Mesh Gateway and Mesh Unified customers.
Step 1: Customers page
Navigate to the “Customers” page in the navigation bar.
Step 2: Login as
Select the “Login as” button for the customer you wish to setup.
Step 3: Outbound Smarthost
Once logged in, select the “Settings” page in the nav bar and open the “Outbound Smarthost” tab.
Step 4: Enable Slider
Enable the Outbound Status slider and click save.
Once enabled, it may take up to 15 minutes for the domain to be fully activate. It is recommended to wait this length of time before sending emails outbound to avoid any delivery issues.
Step 5a: O365
If you are using O365, you can move onto setting up your SPF records and Outbound connector.
Step 5b: Exchange/On-premise
If you are using Exchange or another service, please enter the public IP addresses the organisation will send emails from.
Step 6: SPF Records
Update SPF records to include the following depending on your region:
Service Region | SPF Record |
|---|---|
Europe | include:spf1.emailsecurity.app |
United States | include:spf1.emailsecurity.app |
This step is different per domain provider so you will need to consult their documentation if you require additional help.
Mesh does not modify the contents of outbound emails meaning the DKIM signature generated by your mail provider will remain valid. You do not require a DKIM key from Mesh.
If using Microsoft 365, we recommend following this guide:
Step 7: Connector Setup
If using O365 or Exchange, please consult our O365/Exchange Outbound setup guide.
Configure Outbound Filtering for Mesh in Office 365/Exchange Admin
If using O365 or Exchange with Exclaimer, please consult our O365/Exchange Outbound setup guide.
Configure Outbound Filtering for Mesh in Office 365/Exchange Admin with Exclaimer
If you are using Google Workspace, please consult our Google Workspace Outbound setup guide.
Optional Outbound Settings
These are optional settings that you can use depending on your domain’s setup. You may not need to use them but they provide extra flexibility if required.
Outbound Sources
The outbound sources feature allows you to specify a public IP addresses that your organization sends email from. This can be useful if they are using third party tools to send messages.
O365 customers do not need to include O365 IP ranges. This is done automatically.
If using a third party software, connections to the smarthost should use port 25 with no authentication. You can find your region specific smarthost here: https://docs.emailsecurity.app/help-center/connection-details
Sender Relay
The Sender Relay option allows sending domains to be forwarded to a 3rd party destination for further relay. For example, a branding product or encryption service.
Auto Forward
An “Auto Forward” rule allows outbound email that has been sent via an auto forwarding rule on your mail host without the need for a rewrite. This is required because the sending domain will typically not be your own domain. Emails can retain the original envelope address rather than a typical forwarding path which would require an additional user at your domain.
By specifying the destination address, we allow you to make an exception. The reason for using the recipient address rather than the sending address is because it is common for a sending address to be random.
If an email has originated from Microsoft’s high risk delivery pool, traffic will NOT be accepted by our smarthost and a NDR will be generated. More information about Microsoft’s high risk delivery pool can be found here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-high-risk-delivery-pool-about?view=o365-worldwide#relay-pool.
If this is occurring for an autoforward, we recommend creating a mailflow rule to bypass our smarthost.
You’re all set