Emails 550 5.7.1 from DLP Cloud Service in O365 Reflect Mode

book

Article ID: 185005

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Package

Issue/Introduction

Similar to the circumstances described in TECH247444, except in this case the DLP Cloud Email Service is configured in Reflecting mode.

It has been confirmed that the domains are validated in Enforce (as per or Implementation Guide), and there is no custom certificate involved (i.e., not in "hybrid" mode with Exchange on-prem senders).

Other basic requirements have also been verified (X-DetectorID header added, Connector sending to correct "SmartHost" or FQDN for their Detector, etc).

But no messages are accepted even from the primary domain as configured in their O365 Admin Center.

Error: 550 5.7.1 Domain not authorized

Cause

Despite other checks, the setup of the O365 domain may not be correct - either with DNS or other issues.

Environment

  • DLP Cloud Service for Email
  • Configured in Reflecting mode, with O365

Resolution

Firstly, verify domains as validated by using tools for this purpose.

E.g.,

If the above details match what is configured in your O365 Admin Center, you may find this Microsoft technet page useful:

https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/fix-error-code-550-5-7-1-in-exchange-online#im-an-email-admin-how-can-i-fix-this

Follow the link there to the (in the "Your domain's MX record has a problem" section):

Microsoft Remote Connectivity Analyzer

Using the option in the O365 tab, enter the your primary domain (as configured in O365).

If there are any issues with the setup (DNS problem, etc.) the tool will return details - at which point you need to verify a solution to the issue with Microsoft support.