On Tuesday, October 11, inbound email delivery to some Microsoft Office 365 domains was delayed between several minutes and 24 hours. Investigating the issue, Mailprotector determined that Microsoft was dealing with a high-risk email threat and graylisted two of Mailprotector’s transport IP addresses.
Microsoft has confirmed they made changes to the email perimeter on Tuesday due to a spike in connection volume they observed across all sending environments. The spike in volume was not specific to Mailprotector’s IP addresses but rather a more global change. Microsoft would not provide specifics, but the description aligns with some denial-of-service attacks.
Unfortunately, Mailprotector’s two IP addresses were caught in the changes made by Microsoft. Microsoft expects no anticipated repeat of this situation, and no guarantee of trusting Mailprotector IP addresses could be made.
However, Microsoft also confirmed that Inbound Connectors would help bypass the type of changes made on Tuesday and should prevent the excessive delays experienced by some domains. Therefore, Mailprotector recommends adding the Inbound Connector to all Exchange Online deployments. Documentation will be updated to reflect the new best practice considerations.