Configure Enhanced Filtering with Exchange Online


In most cases, the inbound connector to Microsoft 365's Exchange Online to secure mail flow from Mailprotector is sufficient. Emails arriving from Mailprotector often fail SPF and DMARC validation performed by Exchange Online Protection (EOP) or Microsoft Defender. Since the inbound connector establishes a trusted connection, this does not create a problem.

If there is a need to also use EOP or Microsoft Defender as a second filter of messages, configuring Enhanced Filtering will be required. The feature provides Microsoft with gateway IP information to properly perform SPF, DKIM, and DMARC evaluations when messages come through Mailprotector first.

WARNING: Configuring Enhanced Filtering for connectors increases the chances that Microsoft's filters will put emails into the Junk Email folder. Microsoft will perform stricter filtering of emails when the gateway IP addresses are identified. Mailprotector has no control or influence on Microsoft's filtering actions. Users must be aware that emails can be held in Mailprotector's quarantine or the Junk Email folder of Outlook.


  1. Configure and implement the inbound connector per the instructions - Office 365 - Inbound Connector. If you do not create the inbound connector, the skip listing option will not be available in Step 2.
  2. Please complete the configuration by following the instructions for Enhanced Filtering for Connectors in Exchange Online. For more information or questions, please get in touch with Microsoft support.

Gateway IP Addresses

One of the steps in the configuration requires adding all the IP addresses used between the sending source and Mailprotector's gateway. The following list of IP addresses needs to be added to the IP addresses to skip list.

NOTE: Best practice is not to configure EOP or Microsoft Defender as a secondary email filter. The default settings typically work well. These instructions are a courtesy for those partners and their clients that deem using Microsoft's email filtering in addition to Mailprotector as a necessity. Mailprotector can only support the hops through the CloudFilter secure email gateway. Once emails are delivered to Exchange Online, you will need Microsoft support for further assistance.

Have more questions? Submit a request