Setting up Paubox Encrypted Email for Office 365 contains two parts: (1) A DNS record change that allows Paubox to relay email for your domain (2) Adding a connector in Office 365 to integrate with Paubox for in-transit encryption of email.
You may optionally also route all of the inbound email for your domain to Paubox for inbound security (see section III for instructions).
Before making these changes however, make sure we have verified that you are correctly set up on our end first. Click here to get started.
Part I: DNS record change
Log in to your domain host and look for a record of type "TXT" that has this value:
v=spf1 include:spf.protection.outlook.com -all
change this record so that it has the value below:
v=spf1 include:_spf.paubox.com include:spf.protection.outlook.com -all
Part II: Setting up Encryption for Office 365
You will need to use the Office 365 Exchange admin center to configure your remote, outbound email to go through Paubox. Here’s how you do it:
- Go to https://outlook.office.com/ecp to access the Exchange admin center. If you haven’t logged in already, you’ll need to do that first in order to be granted access.
- On the left menu, click mail flow and then connectors. You should see a screen like this:
- Click +
- On the pop-up window that follows, select
From: Office 365 and To: Partner organization. Then click Next
- Under *Name:, enter Paubox. Then click Next
- Make sure Only when email messages are sent to these domains is selected, then click +
- In the Add domain field, enter * then click OK
- Click Next
- Choose Route email through these smart hosts then click +
- In the add smart host box, enter outbound.paubox.com then click Save
- Click Next
- On the next screen, make sure Always use Transport Layer Security (TLS) to secure the connection (recommended) and Any digital certificate, including self-signed certificates are selected. Click Next.
- Click Next again
- On the next screen, click the + and enter email@example.com as the validator email address. Click Next.
- Click Validate
- After the test is successful, click Close
- Next click Save
- The Paubox connector for Office 365 is now live.
Part III: (Optional) Setting up Paubox Inbound Security
NOTE: Before following the instructions below, please make sure that a relay has been created at Paubox first. If not, these changes will result in a disruption of all inbound email for your domain.
If your organization’s domain name is example.com, Microsoft Office 365 asks you to setup your MX record like this:
MX 10 example-com.mail.protection.outlook.com.
To get Paubox inbound security going, you’ll need to change your MX record so that it has just one MX record:
This will start routing all inbound email for your domain to Paubox when the DNS record change finishes propagating.