Share via

Recipient rejects mail from Exchange Online or Exchange Online Protection and host name does not match IP address error

Original KB number:   3019655


When users try to send mail from Microsoft Exchange Online or Microsoft Exchange Online Protection to an external recipient, the destination message transfer agent (MTA) rejects the message. The error message that users receive may vary. Typically, it states that the source server's host name does not match its IP address.


The recipient server requires that the server name that's contained in the message HELO string have a corresponding pointer (PTR) resource record (reverse IP lookup). Exchange Online and Exchange Online Protection use multiple IP addresses to send mail. Because of DNS limitations, all these IP addresses can't be mapped through the PTR record to the server name that's in the message HELO string.


The method in which Exchange Online and Exchange Online Protection send email by using multiple IP addresses is typical for most large mail systems and is by design. Contact the recipient system administrator for help.

More information

In Exchange Online and Exchange Online Protection, outgoing email settings use specific patterns. It's important to be aware of these patterns if your recipient servers use PTR record lookups for validation. This is because they explain why messages that are sent from the service might be rejected. The patterns are as follows:

  1. The sending IP addresses that are used by Exchange Online and Exchange Online Protection have forward-confirmed reverse DNS records. This means that each sending IP address has both a forward (name-to-IP address) and a reverse (address-to-name) DNS record that contains matching information. For example:

    Outbound IP address:
    PTR record: =
    A-record : =
  2. The HELO/EHLO strings that are used to identify the mail servers that are used by the service also contain For example:

    All these HELO/EHLO strings have A records that contain some outgoing IP addresses that correspond to the sending mail servers. (However, the A records do not contain all these outgoing IP addresses.) For example:

    A record:

  3. The PTR records of the IP addresses in the A record of the EHLO/HELO string will not match the HELO/EHLO string of the sending mail server. For example:
    PTR record:

    Notice that does not match

Still need help? Go to Microsoft Community.