What is DBEB? It is a solution that allows an organization to reject message for invalid recipient at the service network perimeter. DBEB enables your Office 365 Global Administrator to add mailed-enabled recipients to Office 365 and block all messages sent to email address that aren’t present in Office 365.
Valid messages are then subject to the rest of the service filtering layers which are;
Mail Flow Rules (otherwise knows as Transport Rules)
Invalid messages are blocked before filtering even occurs, and a non-delivery report (also known as an NDR or bounce message) is returned to the sender. The NDR looks like this:
550 5.4.1 [<InvalidAlias>@\<Domain>]: Recipient address rejected: Access denied
Important NoteIn hybrid environments, in order for DBEB to work, email for the domain must be routed to Office 365 first (the MX record for the domain must point to Office 365).
First of all, you need to verify that your accepted domain EXO is an Internal Relay, this is done by going to Exchange Admin Console –> Mail Flow –> Accepted domains.
If, your domain type is Authoritative you will need to click the edit button and set to internal relay
Adding your users to Office 365
- Directory synchronization: Add valid users to Office 365 by synchronizing from your on-premises Active Directory environment to Azure Active
Directory inthe cloud. For more information about how to set up directory synchronization, see “Use directory synchronization to manage recipients” in Manage Mail Users in EOP.
- Add users via PowerShell or the EAC: For more information about how to do this, see Manage Mail Users in EOP or Manage mail users in Exchange Online.
In the EAC, go back to Mail flow > Accepted domains.
Select the domain and click Edit.
Set the domain type to Authoritative.
Choose Save to save your changes, and confirm that you want to enable DBEB.
- Until all of your valid recipients have been added to Exchange Online and replicated through the system, you should leave the accepted domain configured as Internal relay. Once the domain type has been changed to Authoritative, DBEB is designed to allow any SMTP address that has been added to the service (except for mail-enabled public folders). There might be infrequent instances where recipient addresses that do not exist in your Office 365 organization are allowed to relay through the service.
- For more information about DBEB and mail-enabled public folders, see Office 365 Directory Based Edge Blocking support for on-premises Mail Enabled Public Folders.
The Author –