Emails rejected by DLP Cloud Service when sending messages from new domains

book

Article ID: 170072

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Email

Issue/Introduction

New sending domains have been implemented in email architecture, and messages from these domains are being rejected by DLP Cloud Service for Email.

Possible errors:

Error: 550 5.7.1 Domain not authorized

Reason:[{LED=450 4.4.317 Cannot connect to remote server [Message=451 4.4.2 Error: Connection lost to forwarding agent.]

Cause

Any sending domains not registered are rejected by the downstream MTA (Email Security.cloud for most customers). These domains need to be added to their account via the ClientNet Self Service Portal.

Note: this issue will also affect DLP Cloud Service customers in "Reflecting mode" (no Email Security.cloud downstream, mail goes back to O365).

Environment

DLP Cloud Service for Email, with servers provisioned as requested - where the list of "allowed domains" is provided on the original provisioning form.

Originally configured sending domains are successfully delivered to recipients.

Resolution

For customers in Forwarding mode - with Email Security.cloud downstream:

 

First, please ensure that the "DLP Cloud Email" is listed among the Email Services in your account:

 

If that is not present, please open a case with Support, confirming the above along with your DLP Cloud Detector ID.

 

If the above entry is present, then confirm the domain from which email is being sent is listed as an "Active Domain", in the portal, as below:

 

 

Once the domains are added, the DLP Cloud teams will also confirm the updates are cascaded to the Cloud Services.

 

Update: For customers whose Cloud Email Service was provisioned in Reflecting mode (emails sent back to O365 as downstream MTA), DLP 15.1 MP1 introduced a feature that allows customers to add domains via the Enforce UI. Validation of any new domains does require proof of domain ownership via the addition of a TXT entry into the domain's DNS record.

For more details on adding domains for your Cloud Email Service in Reflecting mode, please see the latest copy of the Cloud Service for Email Implementation Guide.

 

 

Please contact DLP support for any further questions.

Attachments