Add support for anonymous inbound email over IPv6 in Microsoft 365

• Applies to:

  ✅ Exchange Online Protection, ✅ Microsoft Defender for Office 365 plan 1 and plan 2, ✅ Microsoft 365 Defender

Microsoft 365 organizations with Exchange Online mailboxes and standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes support anonymous inbound email over IPv6. The source IPv6 email server must meet both of the following requirements:

• The source IPv6 address must have a valid reverse DNS lookup (PTR) record that allows the destination to find the domain name from the IPv6 address.

• The sender must pass either SPF verification (defined in RFC 7208) or DKIM verification (defined in RFC 6376).

Before your organization can receive anonymous inbound email over IPv6, an admin needs to contact Microsoft support and ask for it. For instructions about how to open a support request, see Contact support for business products - Admin Help.

After anonymous inbound IPv6 message support is enabled in your organization, the message will go through the normal message filtering that's provided by the service.

Troubleshooting

• If the source email server doesn't have an IPv6 reverse DNS lookup record, the messages are rejected with the following error:

  450 4.7.25 Service unavailable, sending IPv6 address [2a01:111:f200:2004::240] must have reverse DNS record.

• If the sender doesn't pass SPF or DKIM validation, the messages are rejected with the following error:

  450 4.7.26 Service unavailable, message sent over IPv6 [2a01:111:f200:2004::240] must pass either SPF or DKIM validation.

• If you try to receive anonymous IPv6 messages before you've opted in, the message is rejected with the following error:

  550 5.2.1 Service unavailable, [contoso.com] does not accept email over IPv6.

Related articles

Support for validation of DKIM signed messages