How to Configure Office365 to Only Accept Email From a 3rd Party Spam Filter

If you want to use a 3rd party spam filtering service rather than utilising the built in protection provided by office 365, then you need to ensure that Office365 only accepts mail from that filtering service. If you don’t it’s too easy for spam bots to bypass the filter and deliver spam messages direct into your office 365 account potentially unfiltered!

Setting up is easy so lets look at the steps.

Step 1: Get a list of your spam filter providers public IP addresses. They will usually list a range of addresses from within their portal.

Step 2: Edit the default connection filter properties

Step 3: Create and configure a mail flow rule

Let’s look at each step in detail:

Step 1: Get a list of all your spam filter provider’s public IP address ranges which can usually be found from the main portal page on the providers website. Here I login to ours and on the main page there is a link to all the pubic IP addresses they use


Make a note of these IP addresses and ranges.


Step 2: Log into Office 365 as a tenant administrator and go to the Exchange admin portal and click on connection filter.



Now we must edit the existing connection filter so that it always accepts emails from our 3rd party spam filter. Click on the pencil edit symbol to edit the filter.


Click on connection filtering and then add all the spam filter providers IP addresses or Ranges. Either just enter a full IP or enter ranges using the slash notation as shown below. Once you have added all of them click Save.


Step 3:

In this step, we configure a rule which will delete all emails unless they come from the 3rd party spam filter provider’s servers. Go into the Exchange admin center, click mail flow then rules. Now create a new rule by clicking the plus symbol and select ‘Create a new rule’.


Complete the rule as shown but feel free to call it what you wish. The rule will apply to all emails send from people outside of our organisation and delete the email. We then need to configure an exclusion to this rule by again entering all the public IP addresses and ranges used by our 3rd party spam filter.

Click on More options to get to the exception options.


Once you click More options you can then add an exception to this rule by clicking add exception.


Select ‘The sender’ and click ‘IP address is in any of these ranges or exactly matches’.


Enter all the public IP addresses and ranges used by your 3rd party spam filter and press OK


Click on Save to save and activate the rule.


Congratulations your Office365 tenant is now configured to only accept email which comes from your 3rd party spam filter. No one will be able to bypass your MX records and try to deliver email direct to Office365.

Hope you found this useful please comment below if you did 🙂

Get this blog post sent to you as a PDF file to read later

Enter your email address and press Send Now

Author: Ian@SlashAdmin

Share This Post On

1 Comment

  1. Thanks for this, just what I needed!

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.