Deciding where to host your mail can be a complicated decision. For small businesses and startups, hosting mail on the same server as your website or web-application is the logical and practical mail solution. As your business grows, or at least your email needs grow, many businesses to host their mail services on one of two third party provider platforms:
- Google G Suite
- Microsoft Office 365 (mail services provided through Microsoft Exchange)
Hosting your mail services at one of these services provides a few additional benefits over self-hosting mail on your own server such as taking advantage of the larger consolidated spam filtration services, multiple distributed nodes and networks, and greater influence in maintaining a high sender reputation with blacklist service providers. That’s not to say all businesses should be hosting mail on one of these services; many businesses never need anything more than basic intra-company email hosted on a single server. But if your business is growing, or marketing via email, using a hosted cloud email service provider is one step to providing a more on-demand mail solution.
The mail services at both of these providers, or any number of other providers, can be used with your own domain and along side your dedicated web-application server. However, whether you use cPanel, Plesk, or your domain registrar for DNS services, there are a few configuration requirements to get everything set up correctly.
In this article, we will detail the specific requirements and recommendations for configuring domain to use Microsoft Office 365 as your mail service provider. If you are looking for instructions on how to configure your domain using G Suite for email services, we’ve provided these instructions in our article G Suite DNS Configuration for Remote Mail Services.
And of course, if you have any questions about this process please reach out to us by clicking the Submit a Request link here, or at the top of the page.
Microsoft Office 365 Configuration Requirements
The configuration steps to use Office 365 for email requires two separate stages
- Verifying your domain in Office 365
- Adding MX, CNAME, SPF, and SRV records required by Office 365 to your domain’s DNS
Verifying your domain in Office 365
Office 365 requires verification of domain ownership before setup can be completed. To facilitate this verification, you can either add a low-priority MX record, or a TXT record. As TXT records are both preferred by Office 365 and supported on most major control panels, we will be instructing to add a TXT record for verification.
Note: This TXT record is only for verification purposes, and may be removed after you have verified the domain within Office 365.
The TXT record value is provided on a per-domain basis within the Office 365 interface and can be accessed by following these steps.
Locating the verification TXT record in Office 365
- Log into your Office 365 account
- Visit the Domains page by choosing Setup > Domains on the Admin center
- On the Domains page, choose your domain from the list of domains
- After choosing your domain, click Start setup
- On the Verify domain page, choose Add a TXT record instead, then click Next
- The TXT verification record will be provided on this page. You will need this record value in the next section of steps. This record should match the following format: MS=msXXXXXXXX
Adding the TXT record within your control panel
For demonstration purposes, we will be using demo.cozaq.com. within our example steps and images. You will of course need use your domain name instead when completing these steps. The new verification TXT record should look like the following, assuming the TXT record provided by Office 365 was MS=ms12343210.
WHM / cPanel
For WHM and cPanel, we have provided detailed step-by-step instructions for modifying records in our Configuring Your cPanel Server to Use a Third Party Mail Service article if you need them.
Enter the TXT verification record into the WHM Edit DNS Zone screen for your domain as shown below, entering your full domain followed by a period (.) as the host, TXT as the type, and the record Office 365 gave you above as the value:
Plesk
Step-by-step instructions for Plesk are provided in our Configuring Your Plesk Server to Use a Third Party Mail Service article if you need them.
Enter the TXT verification record into the Plesk Edit DNS Zone screen for your domain as shown below, selecting TXT as the type, leaving the domain name box blank (assuming you’re validating the primary domain for this Plesk subscription, and not a subdomain), and the record Office 365 gave you above as the TXT record value:
MX, CNAME, and other records
Locating your MX Record domain-key in Office 365
- Log into your Office 365 account
- Visit the Domains page by choosing Setup > Domains on the Admin center
- On the Domains page, choose your domain from the list of domains
- After choosing your domain, look for the Required DNS settings section; your MX record(s) will be provided here in a format similar to the following:
MX Priority TTL <domain-key>.mail.protection.outlook.com 10 1 hour
Note: The records displayed are dependent upon the choices selected in the Domain purpose section, so the records may vary from domain to domain.
Office 365 CNAME and SPF records
The following CNAME records will be necessary to utilize Office 365 services. For all CNAME records, a TTL of 3600 (1 hour) has been recommended:
| Host | Value |
| autodiscover | autodiscover.outlook.com |
| sip | sipdir.online.lync.com |
| lyncdiscover | webdir.online.lync.com |
| msoid | clientconfig.microsoftonline-p.net |
| enterpriseregistration | enterpriseregistration.windows.net |
| enterpriseenrollment | enterpriseenrollment-s.manage.microsoft.com |
Note: The msoid record is only applies to Office 365 services operated by 21Vianet, and the two enterprise CNAME records are only necessary if you have Mobile Device Management (MDM) for Office 365.
To protect against malicious parties spoofing your domain with spam or malware email, it is highly recommended to add a SPF record identifying all servers who are allowed to send mail for your domain. Obviously, when using Office 365 you will need to include their servers in this record, which will look like “v=spf1 include:spf.protection.outlook.com -all”.
Note: If you wish mail to soft fail, instead of being rejected or bounced outright, change the -all to ~all when entering your record.
Office 365 SRV record
Office 365 also requires two additional records which are less common, SRV records. These records are very similar to the CNAME records specified above in that they logically connect a service with a service provider, but additionally specify which port, protocol, or other details of that service. For Office 365, you will need to add the following two records:
- Service: _sip
- Protocol: _tls
(entered in some control panels combined as _sipProtocol._tls) - Priority: 100
- Weight: 1
- Port: 443
- Target (Hostname): sipdir.online.lync.com
- Service: _sipfederationtls
- Protocol: _tcp
(entered in some control panels combined as _sipfederationtls._tcp) - Priority: 100
- Weight: 1
- Port: 5061
- Target (Hostname): sipfed.online.lync.com
Note for Users of WHM / cPanel
In WHM you will need to make sure that the Hosting Package for your cPanel accounts has the Zone Editor (AAAAA, CAA, SRV, TXT) feature enabled:
Adding the records within your control panel
For demonstration purposes, we will be using demo.cozaq.com. as our domain within our example steps and images.
The domain key we are using for this example is demo-cozaq-com for the Office 365 MX record, but you will of course need use the record provided in the location specified above instead when completing adding your records:
WHM / cPanel
For WHM and cPanel, we have provided detailed step-by-step instructions for modifying records in our Configuring Your cPanel Server to Use a Third Party Mail Service article if you need them.
Enter the MX, CNAME, and SPF records into the WHM Edit DNS Zone screen for your domain as shown below, entering the new records in the empty fields at the bottom of the page, and clearing the record type by changing type back to Select for any conflicting records that may have already existed. The end result should be a block of new records similar to the one below:
And as mentioned above, if you are using Mobile Domain Management for Office 365, you will also need the following two records:
Plesk
Step-by-step instructions for Plesk are provided in our Configuring Your Plesk Server to Use a Third Party Mail Service article if you need them.
Enter the MX, CNAME, and SPF records into the Plesk Edit DNS Zone screen for your domain as shown below, entering the new records one at a time until all records are entered. Also, don’t forget to click the Update button after all of the new records are entered, and any conflicting records have been removed. The end result should be a block of new records similar to the one below:
Note: The two MDM records are also included in the screenshot above; only enter them if you intend to use MDM for Office 365.
When entering the SRV records, enter the Service, Protocol, Service, etc fields individually as shown in the screenshot below. Unlike WHM, Plesk provides separate fields for the Service Name and Protocol:
Thanks for taking the time to read through this article. If you have any questions about this process, or about Cozaq's services in general, please reach out to us by clicking the Submit a Request link here, or at the top of the page - we’ll be happy to help!
