Example 3: Require that all emails are sent from a specific IP address range

This email could be from a partner organization, such as ContosoBank.com, or from your on-premises environment. For instance, the MX record for your domain, contoso.com, points to on-premises, and you want all emails being sent to contoso.com to come from your on-premises IP addresses only. This condition helps prevent spoofing and ensures your compliance policies can be enforced for all messages.

To do this configuration, specify your partner organization domain name to identify mails from that partner, and then restrict the IP addresses that you accept mails from. Using an IP address makes the connector more specific because it identifies a single address or an address range that your partner organization sends mails from.

You can do this configuration in the New EAC and Classic EAC.

New EAC

To do this configuration in the New EAC, perform the following procedure:

1. Enter your partner domain as described in Example 1 - Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS).
2. Use the options as shown in the following screenshot:

Classic EAC

To do this configuration in the Classic EAC, perform the following procedure:

1. Enter your partner domain as described in Example 1 - Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS).
2. Use the options as shown in the following screenshot:

When you set these restrictions, all emails that are sent from your partner organization domain, ContosoBank.com, or from your on-premises environment will be from the IP address or an address range you specify. Any mail that doesn't meet these conditions will be rejected.