Exchange Online Email Flow Explained: Understanding Inbound & Outbound Email Routing

hi guys I hope you all are doing well and welcome to Office 365 concerns in today's video we are going to explore the fascinating world of email flow in exchange online whether you are a beginner or an IIT professional understanding how email travels from the external world to exchange online and vice versa is essential so let's dive in let's start with inbound email flow let's assume a user who is using Gmail wants to send an email to a user whose mailbox is hosted in exchange online so in this example John is using Gmail and Bob's mailbox is hosted in exchange online John will log into his Gmail account will compose an email and in two field it will type Bob at office 365concepts.com every mailbox provider has an email server that is responsible to process the emails for example Exchange Server exchange online Gmail server Yahoo mail server and so on so in this example email sent from Gmail or received in Gmail mailbox will be processed by Google mail server so as soon as John will send email from his Gmail account that email will be picked up by message transfer agent and will hand over that email to message submission agent message transfer agent and message submission agent are the services that run on the email servers these services are responsible to pick the emails from the client application and send that email for further processing then SMTP service will pick that email from message submission agent now SMTP service knows that I need to deliver this email to Bob at office365concepts.com but it doesn't know where this user is SMTP service doesn't know who is Bob it only knows that if I find Office 365 concepts.com domain I will find the user also so SMTP service will go to the DNS and will ask for this domain information DNS will consult its own internal servers like root server top level domain server authoritative name server and will route the SMTP service to The Domain provider where this domain is hosted now from here SMTP service will find the MX record for this domain we know MX record is used to receive emails MX record tells the email servers where to Route the emails for a particular domain so now SMTP service knows how it can reach this domain now there can be two scenarios I can point my MX record for this domain to a third party email filtering server like Barracuda or Surface or I can point it to exchange online protection let's assume the MX record for Office 365 concepts.com is pointed to a third-party email filtering server for example suppose when we integrate an email filtering server with exchange online protection we create one inbound connector in exchange online that accepts the emails from the server and we create one outbound connector that sends emails from exchange online to email server so with the help of MX record email will be delivered to surface and with the help of inbound connector this email will be routed to exchange online protection and if MX record is pointed to exchange online protection then email will be delivered to EOP directly now once the email is delivered to exchange online protection it goes to multiple email filters that scan it one by one the first email filter in exchange online protection is connection filter connection filter will run directory based Edge blocking check on this email directory based Edge blocking check names if the recipient of this email is not found within this tenant this email will be rejected and the sender will receive an ndr then connection filter will check the connecting IP address within the email header from where this email is sent in this case it will be the IP address of Google Mail Server Connection filter will also check if the connecting IP is added within IP allow or block list and will take the action on the email as per the configuration then connection filter will validate the connecting IP address against IP reputation list IP reputation list is maintained and updated by Microsoft this list is a database of good reputation IP addresses those are updated on the regular basis if connection filter doesn't find the connecting IP address within IP reputation list it adds a value to the email header that is ipvnli that indicates the connecting IP address was not found within the IP reputation list after this connection filter will check the save sender list maintained by the recipient this save Center list is junk email settings configured within Outlook or owa by the end users if email passes all these checks it is moved to the next filter that is anti-malware filter anti-malware scans all incoming and outgoing emails in exchange online organization anti-malware scan the emails for three major malware categories virus spyware and Ransom under anti-malgars can the email attachment it scan the email body and it detects a malware inside the attachment or the email body it moves that email to quarantine the emails those are quarantined by anti-malware policies can be viewed or released only by the administrators let's assume there is no malware within the email or its attachment then the email will be scanned against the transport rules if there is no transport rule in exchange online that is blocking this email it will be moved to the next filter that is Advanced threat protection or ATP ATP scans attachments and links within incoming emails ATP includes two security features safe attachments and safe links safe attachments can email attachments in a virtual environment to detect and block malicious content before it reaches the recipient's mailbox and safe links protects users from clicking on the malicious links by checking the URLs against a dynamic database of non malicious links if the email is passed from ATP scan as well then it will be scanned against inbound anti-spam policies inbound anti-spam policies are a set of rules that determine how incoming emails are filtered for spam moreover SPF record dkim and D mark all these DNS records are scanned at this level if you want to understand exchange online protection in depth I have mentioned a link in the description you can watch that video later now once email is passed from inbound anti-spam policies it is delivered to the mailbox as soon as email is delivered to the mailbox it is scanned against inbox rules those are configured by the end user also if mailbox forwarding is enabled on the mailbox the email will be forever date to the respective mailbox and after inbox rules and mailbox forwarding 0r Auto Purge or zap scans the email for malware 0r Auto Purge is a feature of anti-malware policies that scan the emails for malware one and these emails are delivered to the mailbox now let's talk about outbound email flow in exchange online when a user sends email from exchange online mailbox to an external user the user who is on the internet this email is first scanned against the inbox rules if there is no inbox rule the email is handed over to exchange online protection when an email is handed over to EOP it is scanned by outbound anti-spam policies during this scanning this email is scanned against these settings and the restrictions configured within outbound anti-spam policies post this scan if you have configured data loss prevention policies or any other Email encryption methods all these policies are applied on the email also on this level this email is sent for the transport rules and when this email passes these checks this is scanned by the anti-malware engines now once all these checks are done EOP will route that email to the internet but let's say you are using of course for email scanning so you will have an outbound connector in exchange online so EOP will route that email to sofos through the outbound connector and then surface will route that email to the internet so this is how email flow Works in exchange online we explored both inbound and outbound processes and we talked about how emails enter and leave the system so if you have learned something new from this particular video please like subscribe and leave your questions or comments below thanks for watching I'll see you in the next video