Set-up for Success: What to Do Prior to Mail Flow Cutover - Office 365
This guide provides an overview of product features and related technologies. In addition, it contains recommendations on best practices, tutorials for getting started, and troubleshooting information for common situations.
Timing
Please keep in mind that turning services on and off adhere to a specific time frame. Please see the Timing KB for more information.
Tip #1: Prepare the MX Record
-
Set the TTL of your MX record down to as low as your DNS provider will allow.
Go Daddy will allow this to be set as low as 600 seconds 10 minutes.
-
The results of doing this are that after making the cutover to Proofpoint mail flow will take and resume in as short a period as possible.
-
Make sure you have an SPF Entry that is only Proofpoint or that also includes Proofpoint if you have third parties that send out email on your behalf.
- SPF for US Customers: v=spf1 a:dispatch-us.ppe-hosted.com ~all
- SPF for EU Customers: v=spf1 a:dispatch-eu.ppe-hosted.com ~all
Tip #2: Onboard Users Prior to Mail Flow Cutover
Proofpoint Essentials offers several User Discovery methods. We suggest you discover users prior to mail flow cutover to ensure that we can immediately pass mail. Consider the following questions:
- Do you want to send a Welcome Email? If not, see How to Disable Welcome Emails
- Which User Discovery tool do you want to use? We recommend the following hierarchy, based on the effectiveness of each tool:
-
SMTP Discovery (we suggest only using this tool as a last resort and for a limited time)
Created vs Other
Outside of SMTP Discovery, Proofpoint will only allow emails in for the specific email addresses created. The outside item is if the user is disabled, then we would also reject as if the email was not created.
Tip #3: Verify Domain
Verify that you control the domain within the Proofpoint UI. See How to Verify a Domain
Tip #4: Adding Sending Servers
Add in any and all of your sending servers under Administration before you cut your mail flow over. This also includes turning up Managed Hosted services for either of Office 365 or Google Apps. This can be done in the UI by navigating to Administration > Account Management > Domains > New Sending Servers.
Tip #5: Enable Mail Relay Prior to MX Record Change
Prior to changing your MX record, enable relay for your domain for at least 30-60 minutes in the Proofpoint Web UI. You can accomplish this by going to Administration > Account Management > Domains and clicking the button to the right of your domain until it is shown as green like this example:
Tip #6: Lock Down O365 to only allow email from Proofpoint
Ensure that the client's O365 environment will only accept mail from Proofpoint: How to Lock Down O365
Next Step: Cut over Mailflow by changing your MX Records and testing Mailflow
Once you are ready to cut over mailflow, follow the instructions in Cut Over Mail Flow Like A Pro