Emails 550 5.7.1 from DLP Cloud Service in O365 Reflect Mode
search cancel

Emails 550 5.7.1 from DLP Cloud Service in O365 Reflect Mode


Article ID: 185005


Updated On:


Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Package


Similar to the circumstances described in Emails rejected by DLP Cloud Service when sending messages from new domains (, except in this case the DLP Cloud Email Service is configured in Reflecting mode.

It has been confirmed that the domains are validated in Enforce (as per or Implementation Guide), and there is no custom certificate involved (i.e., not in "hybrid" mode with Exchange on-prem senders).

Other basic requirements have also been verified (X-DetectorID header added, Connector sending to correct "SmartHost" or FQDN for their Detector, etc).

But no messages are accepted even from the primary domain as configured in their O365 Admin Center.

Error: 550 5.7.1 Domain not authorized


  • DLP Cloud Service for Email
  • Configured in Reflecting mode, with O365


Despite other checks, the setup of the O365 domain may not be correct - either with DNS or other issues.


Firstly, verify domains as validated by using tools for this purpose.


If the above details match what is configured in your O365 Admin Center, you may find this Microsoft technet page useful:

Follow the link there to the (in the "Your domain's MX record has a problem" section):

Microsoft Remote Connectivity Analyzer

Using the option in the O365 tab, enter the your primary domain (as configured in O365).

If there are any issues with the setup (DNS problem, etc.) the tool will return details - at which point you need to verify a solution to the issue with Microsoft support.