As a first step to fixing any problems, check your configuration. See How to set up a multifunction device or application to send email using Office 365 for detailed information about the configuration options.
Below are the three configuration options to help you identify which one is in use:
1. SMTP client submission (recommended)
Your printer is connected to the Office 365 server "smtp.office365.com."
You entered an email address and password for the printer mailbox.
The printer can send email to people inside and outside your organization.
2. Direct send
Your printer is connected to an Office 365 server whose name ends with "mail.protection.outlook.com."
There is no connector set up in Office 365 for emails sent from your organization's network.
The printer can send email only to people in your organization; email can't be sent to recipients outside your organization.
3. Office 365 SMTP relay
Your printer is connected to an Office 365 server whose name ends with "mail.protection.outlook.com."
There is a connector set up in Office 365 for emails sent from your organization's network to Office 365.
The printer can send email to people inside and outside your organization.
Printer setting | Value |
:----- | :----- |
Server/smart host | smtp.office365.com |
Port | Port 587 (recommended) or port 25 |
TLS/ StartTLS | Enabled |
Username/email address and password | Login credentials of Office 365 mailbox the printer uses |
If your printer didn't require a password for the email address you entered, your printer is trying to send emails without logging on to Office 365. SMTP client submission requires your printer to log on to Office 365. Direct send and Office 365 SMTP relay do not require a logon; consider one of these options instead.
Your printer or application must send email from the same address that you entered logon credentials for during email setup. If the printer or application tries to send email from a different account, this results in an error similar to:
5.7.60 SMTP; Client does not have permissions to send as this sender.
For example, if you entered login credentials for username@domain.com in your application settings, but the application tries to send emails from scanner@domain.com, this is not supported. For this scenario, use Office 365 SMTP relay instead.
Test the user name and password by logging on to Outlook on the web, and try to send a test email to make sure the account is not blocked. If the user is blocked, you can find help in the article, Removing a user, domain, or IP address from a block list after sending spam email.
Next, test that you can connect to Office 365 from your network by doing the following:
Follow the instructions to install the Telnet Client tool on a computer on the same network as the device or application.
Run the tool from the command line by typing telnet.
Type open smtp.office365.com 587 (or substitute 25 for 587 if you are using that port setting instead).
If you connected successfully to an Office 365 server, expect to receive a response line similar to this:
220 BY1PR10CA0041.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 1 Jun 2015 12:00:00 +0000
If you can't connect to Office 365, your network firewall or Internet Service Provider (IDP) might have blocked port 587 or 25. Correct this so you can send email from your printer.
If none of these issues applies to your device, it might not meet requirements for Transport Layer Security (TLS) encryption. Your device must support TLS version 1.0 or above. Update the firmware on the device to solve this, or try one of the other configuration options where TLS is optional.
For more information about TLS, see How Exchange Online uses TLS to secure email connections in Office 365 and for detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.
This can be caused by a number of issues:
Make sure that you entered the correct user name and password.
Try logging into OWA with the printer's user name and password. Send an email to make sure that the mailbox is active and has not been blocked for sending spam.
Check that your device or application supports TLS version 1.0 or above. The best way to check is by upgrading the firmware on the device or updating the application you're sending email from to the latest version. Contact your device manufacturer to confirm that it supports TLS version 1.0 or above.
This error indicates that the device is trying to send an email from an address that doesn't match the logon credentials. An example would be if your entered login credentials for username@doamin.com in your application settings but the application tries to send emails from scanner@domain.com If your application or printer behaves this way, use Office 365 SMTP relay because SMTP client submission does not support this scenario.
This error indicates that your printer connects to the SMTP client submission endpoint (smtp.office365.com). However, your printer must also logon to a mailbox to send a message. This error occurs when you have not entered mailbox logon credentials in the printer's settings. If there is no option to enter credentials, this printer does not support SMTP client submission; use either direct send or Office 365 SMTP relay instead. See How to set up a multifunction device or application to send email using Office 365.
This error indicates that the device is trying to send an email from an Office 365 mailbox that is on a spam block list. For help, see Removing a user, domain, or IP address from a block list after sending spam email.
This can be caused by a number of issues.
A common reason for issues with direct send is a blocked IP address. If antispam tools detect outbound spam from your organization, your IP address can be blocked by a spam block list. Check whether your IP address is on a block list by using a third-party service, such as MXToolbox or WhatIsMyIPAddress. Follow up with the organization that added your IP address to their block list. Office 365 uses block lists to protect our service. For help, see Removing a user, domain, or IP address from a block list after sending spam email.
To rule out a problem with your device, send a test email to check your connection to Office 365. To send a test email, follow these steps in the article, Use Telnet to Test SMTP Communication. If you can't connect to Office 365, your network or ISP might have blocked communication using port 25. If you can't reverse this, use SMTP client submission instead.
This indicates that you are connecting to the SMTP client submission endpoint (smtp.office365.com), which can't be used for direct send. For direct send, use the MX endpoint for your Office 365 tenant, which ends with "mail.protection.outlook.com." You can find your MX endpoint by following the steps in Option 2: Send mail directly from your printer or application to Office 365 (direct send).
This is by design. Direct send allows email to be sent only to recipients in your organization that are hosted in Office 365. If you need to send to external recipients, use SMTP client submission or Office 365 SMTP relay.
It's not possible to use an IP address in place of an MX endpoint. This could result in your not being able to send messages in the future. If the MX endpoint is too long, consider using SMTP client submission, which has a shorter endpoint (smtp.office365.com).
For direct send, we recommend using a device that sends from a static IP address. This allows you to set up a Sender Policy Framework (SPF) record to help prevent emails being marked as spam. Check that your SPF record is set up with your static IP address. A network or ISP change could change your static IP address. Update your SPF record to reflect this change. If you aren't sending from your own static IP address, consider SMTP client submission instead.
This can be caused by a number of issues.
A common reason for issues with Office 365 SMTP relay is a blocked IP address. If antispam tools detect outbound spam from your organization, your IP address can be blocked by a spam block list. Check whether your IP address is on a block list by using a third-party service, such as MXToolbox or WhatIsMyIPAddress. Follow up with the organization that added your IP address to their block list. Office 365 uses block lists to protect our service. For help, see Removing a user, domain, or IP address from a block list after sending spam email.
To rule out a problem with your device, send a test email to check your connection to Office 365. To send a test email, follow these steps in the article, Use Telnet to Test SMTP Communication. If you can't connect to Office 365, your network or ISP might have blocked communication using port 25. If you can't reverse this, use SMTP client submission instead.
Network or ISP changes might change your static IP address. This results in your connector not identifying and relaying your messages to external recipients. Update your connector and your SPF record with the new IP address. Follow the steps in Option 3: Configure a connector to send mail using Office 365 SMTP relay to edit your existing connector settings.
Office 365 SMTP relay requires your device to send email from a static IP address. Check that your SPF record is set up with your static IP address. A network or ISP change could change your static IP address. Update your SPF record to reflect this change. If you aren't sending from your own static IP address, consider SMTP client submission instead.