Symptoms
When you send mail through Exchange Online Protection (EOP) in Microsoft Office 365, you may experience one of the following symptoms:
-
The Return-Path address is incorrect.
-
An email message that's sent to a particular external domain is not delivered.
-
You receive a non-delivery report (NDR) from external domains that verify the address. If the From field and the value that's specified in the MAIL FROM command or the Return-Path address don't match, you may receive an NDR together with an error code that resembles one of the following:
-
#< #5.0.0 smtp;554 failed MAIL FROM verification with the FROM field in message header.> #SMTP#
-
"553 5.1.8 Domain of sender address does not exist"
-
#< #5.1.0 smtp;553 5.1.0 mgd.contoso.com does not exist>
-
<#5.7.1 SPF unauthorized mail is prohibited)>
-
"5.1.1 RESOLVER.ADR.RecipNotFound"
-
"5.1.1 RESOLVER.ADR.RecipientNotFound"
-
Cause
The sender’s object is synced to Windows Azure Active Directory (WAAD) by using Microsoft Azure Active Directory Sync (DirSync). This issue occurs if one or more of the following conditions are true:
-
The primary SMTP address may not be configured correctly in the source Active Directory site.
-
Some external domains may not deliver mail or may reject mail if the address in the From field doesn't match the Return-Path address.
Resolution
Make sure that the WindowsEmailAddress parameter of the mail user object in WAAD is valid. A valid address should contain an externally routable domain in the suffix and should match the intended primary SMTP address. This value of the parameter should be the address that the user wants external recipients to see and to use when they reply.
The primary SMTP address is synchronized with WAAD by DirSync by means of the following logic:
-
If there is a value for the primary SMTP address in the proxyAddresses attribute, Office 365 uses it to determine the appropriate primary SMTP address in WAAD. If Office 365 does not recognize the domain part of the email address, the alias part is used, and the default domain (for example, "@domain.onmicrosoft.com") is appended to it.
-
If no email addresses are listed for a user in the proxyAddresses attribute, Office 365 uses the value of the user’s mail attribute. If Office 365 does not recognize the domain part of the email address, the alias part is used, and the default domain (for example, "@domain.onmicrosoft.com") is appended to it.
-
If no email addresses are listed for a user in the proxyAddresses attribute or if there's no value for the mailattribute, the alias part of the user principal name is used, and the domain value is assigned as the default domain (for example, "@domain.onmicrosoft.com").
-
If there is a value for only the secondary smtp:user@domain.com address in the proxyAddresses attribute, Office 365 uses that value to calculate a primary SMTP address. The alias part is used, and the default domain (for example, "@domain.onmicrosoft.com") is appended to it. The value that appears in WAAD uses the following format:
SMTP:user@domain.onmicrosoft.com
-
If there are both an SMTP address and an smtp address in the ProxyAddresses attribute, any value that's defined in the mail attribute is also added as a secondary smtp address.