How to exclude an email address or domain from ESM outbound filtering routing

This configuration allows you to bypass the outbound filtering applied by the default outbound connector by implementing specific routing for certain email addresses or domains.

Emails sent from defined addresses (such as invoice@domain.onmicrosoft.com) will be routed directly through Microsoft 365 relays, without passing through the outbound filtering gateway (smtp.security-mail.net).

However, we cannot guarantee message deliverability in this case, since the optimal configuration is not applied across the entire tenant.

We recommend that these settings be validated by your organization’s network administrator before implementation. We cannot be held responsible for any relaying or filtering issues in this context.

Step 1: Create a Specific Connector

For example, for the address specific@domain.onmicrosoft.com or another address.

Access the Exchange Admin Center

  • Sign in to the Exchange Admin Center.

  • Go to Mail flow > Connectors.

  • Click "+" to create a new connector.

Configure the Connector

  • From: Office 365

  • To: Partner organization

  • Name: “Direct Microsoft 365 Routing – Invoice”

  • Status: Enabled

Define the Routing

Choose “Route email directly using DNS MX records”, in this case smtp.office365.com.

Do not add a specific smart host, as this would force the use of Microsoft 365 relays.

Save the Connector

Below is an example of a connector:

Then, define a rule to route emails from the specified address through the new connector, ensuring they use Microsoft 365 routing instead of Secuserve routing.

Step 2: Access the Exchange Admin Center

  • Sign in to the Exchange Admin Center.

  • In the left menu, click Mail flow > Rules.

  • Click "+" to create a new rule.

Step 3: Configure the Rule

Rule Name:

Invoice

Apply this rule if:

The sender → Is → This person invoice@domain.onmicrosoft.com
(If it is a domain, modify the rule to apply when the sender domain matches.)

Action:

Redirect the message to the following connector → Select the Microsoft 365 connector you created.

Set audit severity level:

Leave blank (no level defined)

Priority:

1 (higher priority than other rules)

 

Tags