Transition email delivery

To reroute incoming email via PhishProtection, you’ll need to change your DNS MX record. This is, by definition, an impacting change, and reversion is not immediate, so confirm that the DNS changes and the allow listing for your specific email server (365 / Google) have been successfully completed before proceeding.

Update MX Record

In your DNS provider, take note of the existing records (in case a roll-back is required), and update your MX record to match the contents of the “Your Custom MX” field captured in step 1 (Account Portal Settings). If you have multiple MX records defined for your domain, remove the extraneous ones. Although it’s not strictly required, it’s recommended to set the MX priority value to 10.

At this point, leave the TTL reduced to the minimum value applied in step 1. Once you’ve confirmed that mail is being filtered and delivered as expected, this value can be increased (Day 2).

At this point, email will start being delivered via PhishProtection.
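
A check for the MX update described above, as an added example (not PhishProtection's own tooling): it parses the output of `dig +short MX yourdomain` and reports a missing custom MX, leftover records, or a priority other than the recommended one. The host names are placeholders for your “Your Custom MX” value and the sample output is constructed.

```python
"""Check `dig +short MX <domain>` output against the expected custom MX."""

RECOMMENDED_PRIORITY = 10  # recommended, not strictly required, per the text above


def parse_mx(dig_output):
    """Parse `dig +short MX` lines ("<priority> <host>.") into (priority, host)."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank lines and anything that is not an MX answer
        # DNS names are case-insensitive and dig prints a trailing root dot.
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)


def check_mx(dig_output, expected_host):
    """Return a list of findings; an empty list means the MX update is complete."""
    expected = expected_host.rstrip(".").lower()
    records = parse_mx(dig_output)
    if not records:
        return ["no MX records returned"]
    findings = []
    if expected not in [host for _, host in records]:
        findings.append(f"custom MX {expected} not published (or old TTL not expired)")
    for prio, host in records:
        if host != expected:
            findings.append(f"extraneous MX {host} (priority {prio}): remove it")
        elif prio != RECOMMENDED_PRIORITY:
            findings.append(f"priority is {prio}, recommended is {RECOMMENDED_PRIORITY}")
    return findings


if __name__ == "__main__":
    EXPECTED = "custom-mx.placeholder.example"  # placeholder for "Your Custom MX"
    # Constructed sample: the old record is still published beside the new one.
    sample = "10 Custom-MX.placeholder.example.\n20 old-mail.placeholder.example.\n"
    for finding in check_mx(sample, EXPECTED) or ["OK: only the custom MX is published"]:
        print(finding)
```

Run it against resolvers outside your own network as well, since cached answers persist until the old TTL expires.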

Post-update verification

Confirmation via email headers in Office 365

To verify that incoming email is correctly arriving via PhishProtection / the Enhanced Connector, examine a newly received email, and check the headers for the following entries. 

  • X-MS-Exchange-ExternalOriginalInternetSender

  • X-MS-Exchange-SkipListedInternetSender

Confirmation via Message Logs

Additionally, navigate to “Message Log” in the PhishProtection portal. Every email transiting PhishProtection is logged there, along with its delivery status.


A few common failure modes are detailed below. Note that the quickest solution to an unexpected service-impacting fault is to revert the MX record changes made above. This will restore email delivery, but remove the opportunity for further troubleshooting.

Email is being delivered, but no logs appear in client portal

Email is not (yet) being sent via PhishPortal. Wait for the DNS TTL to expire, then send test messages from various external sources. Confirm the MX record has been updated by reporting on your domain at , and confirming the mail server value has been updated.

Logs appear in the client portal, but emails are not being delivered

Confirm the destination server and related settings under “Account Portal Settings” in step 1.

Header verification fails but logs appear in client portal, emails are delivered

This would indicate that the enhanced connector is misconfigured. Review the relevant section of step 2.

Obvious spam/phishing is not being filtered in Office 365

Confirm the end-user quarantine / anti-spam configuration.

The MX change concludes the mandatory transition regarding basic email delivery.