Sending emails through Office365 sometimes causes message send failure with an error of 550 5.7.64 TenantAttribution; Relay Access Denied.
- In Office Admin go to Exchange
- In 'Mail Flow' go to Connectors
- Use the wizard to complete the Connector process.
Make sure the external IP is recorded as an allowed address on the Inbound Connector in Office 365:
Also, add the IP address to the SPF record in Public DNS like this:
v=spf1 ip4:, include: ~all
One other possible cause of this issue is if the application, when it composes the email, uses a domain other than what is on the accepted domains list. For example, if your tenant has 3 defined domains – , and and the application sending the email uses a domain like , then the connector in Office 365 will reject the email. If you receive the relay error, here is the order I would take for troubleshooting:
- Verify Sender address is using an accepted Domain (in the application, or message header)
- Send the email to an internal recipient – check headers for IPs to match in the connector
- Check your SPF record to make sure all IP addresses are listed as well