When you add a domain to your Microsoft 365 tenant, Exchange Online assumes that emails for that domain are hosted in Microsoft 365. But in some scenarios, your mailboxes are hosted externally, on another mail server and you just want Microsoft 365 to relay messages to that external system.
If you don’t configure this properly, Microsoft 365 will try to deliver emails internally and return an error if it can’t find a matching mailbox. This post explains how to fix that by correctly configuring the domain in Microsoft 365.
The scenario
You have a domain, for example: trusted-domain.com.
This domain is added to your Microsoft 365 tenant as a verified domain.
However, the mailboxes for this domain are hosted outside of Microsoft 365, on another mail server.
You want Microsoft 365 to send emails to trusted-domain.com addresses by looking up the domain’s public MX records and delivering them externally — not trying to deliver them internally.
Why does this happen?
When you add a domain in Microsoft 365, by default it is set as an Authoritative Domain. This means Microsoft 365 believes all mailboxes for that domain exist inside Microsoft 365. So if you try to send an email to user@trusted-domain.com, and no such mailbox exists in Exchange Online, the message is rejected with a non-delivery report (NDR).
To fix this, you need to change the domain type to allow relaying.
The solution: Internal relay
Microsoft 365 no longer uses the term “external relay” in the admin center. Instead, you should configure the domain as an Internal Relay Domain.
This allows Exchange Online to check if there’s a mailbox in Microsoft 365. If there isn’t, it will forward (relay) the email externally by looking up the domain’s MX record.
Solution
1. Open the Exchange Admin Center
- Go to https://admin.exchange.microsoft.com
- Sign in with your admin account.
2. Go to Accepted Domains
- In the left-hand menu, select Mail flow.
- Then select Accepted domains.
3. Set the domain type
- In the domain settings panel, under Domain type, select:
- Internal relay
- Save your changes.
Send a test email from a Microsoft 365 mailbox to an external mailbox at trusted-domain.com and check if it’s delivered.
