We’re currently using a traditional third party email gateway for spam/phishing scans etc, and we’re using that gateway to redirect a few hundred (don’t ask) email addresses to Zendesk and a few other places. Now we’re moving to an integrated solution that means having 365 handle incoming emails directly and we’re struggling with the best approach to porting those redirects.
As it stands, with our domains marked as Authoritative, email is bouncing before any mail flow rules are evaluated due to not having existing mailboxes or contacts. I suppose “best practice” is to create contacts or mail users for all of the support addresses we need to use, followed by either mailbox-level forwards or mail flow rules for all of those addresses (or lump them into a group where appropriate). But that way seems like a big pain in the ass to administer.
The other option is to set the domains as Internal Relay, which will allow 365 to skip checking whether an address exists, and then just use mail flow rules to handle the redirections directly, which we can script easily enough. But that way seems unsupported at best, and raises big questions about what happens when someone emails an actual non-existent address.
Googling didn’t come up with much in the way of useful documentation so I asked a couple of AIs and they’ve been similarly inconclusive. Copilot thinks that misdirected email will simply bounce with a “no route found” NDR, and gave me error code 5.4.312 that appears to be made up, while ChatGPT thinks that it’ll result in a mail loop and eventual 5.4.6 error, “routing loop detected”.
ChatGPT’s explanation seems more plausible and its suggestion of using a catch-all rule to either redirect or bounce mis-addressed emails sounds good on the surface, but again, I can’t find anything written by actual humans to confirm or deny.
So I come to you, denizens of sysadmin! Is there any suggested or best practice configuration for the redirection of large amounts of email addresses? Is using Internal Relay on what is actually the final hop a supported configuration? Or is the only supported/sane option to use an Authoritative domain along with the additional overhead of mail contacts?
Hugely appreciate any thoughts!


Thanks, yeah, as much as it feels like an overly complicated way of doing things, I think I’m erring towards just biting the bullet and making contacts. Appreciate your detailed reply!
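
For the contact-based approach discussed in this thread, a bulk import can be scripted so the domain stays Authoritative and unknown recipients keep being rejected. This is an added example, not code from anyone in the thread; the CSV file name, its `Address,Target` columns, the sample addresses and the `Redirect ...` naming are assumptions.

```powershell
# Added example, not from the thread. Requires the ExchangeOnlineManagement module.
# Constructed sample input (redirects.csv, hypothetical name):
#   Address,Target
#   support@example.com,support@example-helpdesk.example.net
#   billing@example.com,billing@example-helpdesk.example.net
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath = '.\redirects.csv'
)

Connect-ExchangeOnline -ShowBanner:$false

foreach ($row in Import-Csv -Path $CsvPath) {
    $address = $row.Address.Trim().ToLower()   # address senders will use
    $target  = $row.Target.Trim().ToLower()    # where the mail should end up

    # Skip anything that already resolves: reruns are safe and an existing
    # mailbox, group or contact is never silently overridden by a redirect.
    $existing = Get-Recipient -Identity $address -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "$address already exists as $($existing.RecipientTypeDetails); skipping"
        continue
    }

    if ($PSCmdlet.ShouldProcess($address, "Create mail contact pointing to $target")) {
        # The external address is the delivery destination for the contact.
        $contact = New-MailContact -Name "Redirect $address" -ExternalEmailAddress $target

        # Add the inbound address as a secondary proxy address so the
        # Authoritative domain accepts it, and keep the contact out of the GAL.
        Set-MailContact -Identity $contact.Identity `
            -EmailAddresses @{ Add = "smtp:$address" } `
            -HiddenFromAddressListsEnabled $true
    }
}

# Review what was created before cutting MX over to 365.
Get-MailContact -ResultSize Unlimited |
    Where-Object Name -like 'Redirect *' |
    Select-Object Name, ExternalEmailAddress, EmailAddresses
```

Run it with `-WhatIf` first to list the contacts that would be created without changing anything.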