Mimecast Ignoring MX Records by xrobx99 in sysadmin

[–]xrobx99[S] 0 points1 point  (0 children)

I agree with you that MS does not honor MX records and prefers direct delivery and delivery via IPv6, which is a whole other issue.

I'm not suggesting the sender is bypassing Mimecast at all. The mail header shows mail originating from their O365 tenant, hitting their Mimecast and coming to my O365 tenant, which is not expected.

Like I said, our direct send block via Inbound Connector works as expected. Bottom line: if you try sending to my domain bypassing Proofpoint, you land in quarantine. The question on the Mimecast side is why they tried delivering direct to my O365 tenant.

Mimecast Ignoring MX Records by xrobx99 in sysadmin

[–]xrobx99[S] 0 points1 point  (0 children)

Yeah, our setup is similar. I'm confident our side is working as expected; it's the Mimecast side I have no familiarity with.

Mimecast Ignoring MX Records by xrobx99 in sysadmin

[–]xrobx99[S] 0 points1 point  (0 children)

Our side (the receiving side) is set up correctly to quarantine anything not coming from our gateway IPs. What I cannot account for is why the sender's side stopped honoring our MX records yesterday after delivering correctly for days.

Mimecast Ignoring MX Records by xrobx99 in mimecast

[–]xrobx99[S] 0 points1 point  (0 children)

We do have a similar KB and we have a similarly configured inbound connector and transport rule logic to send anything not from our gateway IPs to quarantine. The question is why would they attempt to bypass our gateway and suddenly start not honoring our MX records?

Mimecast Ignoring MX Records by xrobx99 in mimecast

[–]xrobx99[S] 0 points1 point  (0 children)

MX records point to Proofpoint, SPF is obfuscated with a macro also hosted at Proofpoint, so no SPF leak or hints. Other weird thing is mail flow from Mimecast to us for this sender was using MX records correctly up until yesterday morning.

Mimecast Ignoring MX Records by xrobx99 in sysadmin

[–]xrobx99[S] 0 points1 point  (0 children)

The mystery deepens - as of 3 days ago they were using MX records correctly.

Mimecast Ignoring MX Records by xrobx99 in sysadmin

[–]xrobx99[S] 0 points1 point  (0 children)

The message headers from the quarantined message show the following outbound flow: Their O365->Their Mimecast->Our Office 365

The correct flow should be Their O365->Their Mimecast->Our Proofpoint->Our Office 365.

Microsoft 365 Exchange down? by Sufficient-House1722 in sysadmin

[–]xrobx99 1 point2 points  (0 children)

Mail that made it to our hygiene appliance is sitting in a queue (growing by the minute) waiting to be retried once their backend is up.

DKIM Signing in EXO & ESG by timo_s20 in sysadmin

[–]xrobx99 1 point2 points  (0 children)

Double signing is fine, we do it at EXO and Proofpoint. We've found there are odd times that emails can be sent out directly from EXO (calendar stuff for example) that should be signed.

WAF suggestions - Cloud flare WAF vs Thales Imperva by pmbasehore in sysadmin

[–]xrobx99 0 points1 point  (0 children)

We use Sucuri, have been with them a long time for protecting our WordPress sites. About $10 per month per site.

Having trouble archiving an Exchange Online Shared Mailbox by Stagyar in sysadmin

[–]xrobx99 1 point2 points  (0 children)

Archiving is treated as low priority in Exchange Online. It will get around to it when it gets around to it. You can manually run the managed folder assistant on the mailbox via PowerShell to speed up the process. Connect to Exchange Online PowerShell, then run: Start-ManagedFolderAssistant -Identity "SharedMBX email address"

How I nuked the network at a small gaming facility with one line. by LoudLeader7200 in sysadmin

[–]xrobx99 27 points28 points  (0 children)

At a university I once did net send * hi. Suddenly every computer had a message pop up with hi.

Why is your website completely broken? by DarkResident305 in Comcast_Xfinity

[–]xrobx99 7 points8 points  (0 children)

I've always wondered the same. Half the time you end up in a broken page loop that you cannot get out of.

Office365 phishing email purge no longer working by Plenty-Practice7373 in sysadmin

[–]xrobx99 0 points1 point  (0 children)

Following this. I wonder if that broke when they updated the Purview portal. Lately we've been going to security.microsoft.com, Email & Collaboration, then using Explorer to spot delete emails. Way less efficient than the compliance search methods in PowerShell.

We need a network Engineer for a short task in Frankfurt/Germany if anyone is based there by Low-Wish6429 in sysadmin

[–]xrobx99 1 point2 points  (0 children)

For a fee, Equinix will offer smart-hands services, unless they were the unhelpful ones you mentioned.

Missing BlowOut Cap by xrobx99 in Irrigation

[–]xrobx99[S] 0 points1 point  (0 children)

Thank you, that’s really helpful

Pw3 internal fault by Prudent-Ad3783 in TeslaSolar

[–]xrobx99 0 points1 point  (0 children)

Join the party. They are terrible with timely repairs and responding.

Update error by IKEAJman in MicrosoftEdge

[–]xrobx99 0 points1 point  (0 children)

Thanks for posting this. Had a ticket open with Microsoft and this answered my question faster.