Follow me
Senior full stack developer, devops engineer, product designer, digital marketing expert and digital transformation leader Senior full stack developer, devops engineer, product designer, digital marketing expert and digital transformation leader
0

No products in the cart.

CarlosPérez © Copyright 2024 - All rights reserved
Sysadmin

How to setup hybrid email architecture with Microsoft Office 365 and traditional shared hosting mail accounts

May 22, 20263 Mins read25 0

Setting up an environment where accounts in Microsoft 365 (M365) and a traditional shared hosting (such as cPanel) coexist under the same domain (yourcompany.com) is known as a Shared SMTP Address Space or Split Domain.

The best practice and most stable architecture is to have Microsoft 365 receive all incoming email first. M365 keeps the emails for the accounts that are active on its platform and, if an account does not exist there, silently forwards it to the shared hosting.

Here is the step-by-step guide to configuring this correctly.

Step 1: Configuration in Microsoft 365

To prevent Microsoft from rejecting emails destined for accounts that do not exist on its platform, you must change the domain behavior.

1. Change the Domain Type to Internal Relay

  1. Access the Exchange Admin Center (EAC).
  2. Go to Mail flow > Accepted domains.
  3. Select your primary domain (yourcompany.com) and click Edit.
  4. Change the domain type from Authoritative to Internal Relay.
  5. Save the changes.

What does this do? It tells Microsoft: “If an email arrives for this domain and the user is not created here, do not bounce it with an error; look for a connector to send it elsewhere.”

2. Create the Outbound Connector to the Hosting

  1. In the same Exchange Admin Center, go to Mail flow > Connectors.
  2. Click Add a connector.
  3. In the source and destination wizard, select:
    • From: Office 365
    • To: Your organization’s email server
  4. Give it a descriptive name (e.g., “To Shared Hosting”) and click Next.
  5. Under activation, choose: Only when email messages are sent to these domains and enter your domain (yourcompany.com).
  6. For routing, select Route mail through these smart hosts and enter the host name of your shared server (you can find this in your cPanel; it is usually something like mail.yourcompany.com or your provider’s server name).
  7. Leave the default security options (TLS) enabled if your hosting provider supports SSL/TLS certificates for email.
  8. Save and validate the connector by entering the email address of one of the accounts staying on the shared hosting to verify that Microsoft can successfully deliver mail to it.

Step 2: Configuration in the Shared Hosting (cPanel)

Now you must ensure the hosting behaves inversely: if a local user sends an email to someone who is on Office 365, the hosting must know to route it out to the internet instead of looking for it in its local folders.

  1. Log in to your cPanel.
  2. Go to the Email section > Email Routing.
  3. Select your domain.
  4. Change the setting from Automatically Detect Configuration or Local Mail Exchanger to Remote Mail Exchanger.
  5. Click Change.

Critical Note: In the shared hosting, you must only keep the accounts of the users who are actually staying there. Delete (or do not create) accounts in the hosting for users who have already migrated to Office 365. If a duplicate account is left on the hosting, whenever a hosting user writes to them, the email will be delivered locally and will never reach Office 365.

Step 3: DNS Records Configuration

This step is vital so that the entire internet knows where to send emails and to prevent your outgoing messages from landing in the spam folder. You must edit the DNS zone where your domain is pointed.

1. MX Record (Mail Input)

Remove any existing MX records pointing to your hosting and add only the Microsoft 365 record with the highest priority (usually 0 or 10):

  • Type: MX
  • Priority: 0
  • Destination: yourcompany-com.mail.protection.outlook.com (replace with the exact value provided in your M365 panel)

2. SPF Record (Combined Authentication)

Since you will now be sending legitimate emails from two different platforms (Office 365 and your hosting), the SPF record must authorize both.

Modify your SPF TXT record to look like this:

Plaintext

v=spf1 include:spf.protection.outlook.com ip4:IP_OF_YOUR_HOSTING -all

(Make sure to replace IP_OF_YOUR_HOSTING with the public dedicated or shared IP address your cPanel server uses to send mail).

3. Autodiscover (For Office 365 Accounts)

Ensure you configure the CNAME so that Outlook and mobile devices can configure Microsoft accounts automatically:

  • Host: autodiscover
  • Type: CNAME
  • Destination: autodiscover.outlook.com

Summary of the Email Flow

With this architecture in place, the flow will work seamlessly:

  1. An external sender writes to new_employee@yourcompany.com.
  2. The global DNS directs the email to Microsoft 365.
  3. Microsoft 365 receives the email:
    • If the account exists in M365, the email is deposited into their inbox.
    • If the account does not exist in M365, the Internal Relay rule triggers, passing the email through the connector and redirecting it to the Shared Hosting, where it is finally delivered to the user.
Previous post SysadminHow to disable training on my data in ChatGPT: An overview on OpenAI's privacy policy
Carlos Pérez

Digital manager, tech lead, product designer, full stack engineer, web and app developer, SEO, digital marketing, automation and AI expert.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

Sysadmin

What are DMARC, DKIM, and SPF and how to setup them

October 17, 2024
Sysadmin

How to check and repair windows file system

October 25, 2023
Sysadmin

How to enable TLS 1.2 in Outlook 2007 or 2010 on a Windows 7

May 17, 2023
Sysadmin

How to enable SMS code multifactor authentication in Microsoft Office 365

January 10, 2023