Skip to main content
Contact Us
My preferencesSign out
Proofpoint, Inc.

Set-up for Success: What to Do Prior to Mail Flow Cutover - Office 365

  1. Last updated
  2. Save as PDF

This guide provides an overview of product features and related technologies. In addition, it contains recommendations on best practices, tutorials for getting started, and troubleshooting information for common situations.

Timing

Please keep in mind that turning services on and off adhere to a specific time frame. Please see the Timing KB for more information.

Tip #1: Prepare the MX Record 

  • Set the TTL of your MX record down to as low as your DNS provider will allow. 

Go Daddy will allow this to be set as low as 600 seconds 10 minutes. 

  • The results of doing this are that after making the cutover to Proofpoint mail flow will take and resume in as short a period as possible. 

  • Make sure you have an SPF Entry that is only Proofpoint or that also includes Proofpoint if you have third parties that send out email on your behalf. 

    • SPF for US Customersv=spf1 a:dispatch-us.ppe-hosted.com ~all
    • SPF for EU Customers: v=spf1 a:dispatch-eu.ppe-hosted.com ~all 

Tip #2: Onboard Users Prior to Mail Flow Cutover 

Proofpoint Essentials offers several User Discovery methods. We suggest you discover users prior to mail flow cutover to ensure that we can immediately pass mail. Consider the following questions:

  • Do you want to send a Welcome Email?  If not, see How to Disable Welcome Emails
  • Which User Discovery tool do you want to use? We recommend the following hierarchy, based on the effectiveness of each tool: 

  1. Office 365 Azure Active Directory Sync

  2. Active Directory LDAP Sync 

  3. CSV Import 

  4. SMTP Discovery (we suggest only using this tool as a last resort and for a limited time)

Created vs Other

Outside of SMTP Discovery, Proofpoint will only allow emails in for the specific email addresses created. The outside item is if the user is disabled, then we would also reject as if the email was not created.

Tip #3: Verify Domain 

Verify that you control the domain within the Proofpoint UI. See How to Verify a Domain

Tip #4: Adding Sending Servers 

Add in any and all of your sending servers under Administration before you cut your mail flow over. This also includes turning up Managed Hosted services for either of Office 365 or Google Apps. This can be done in the UI by navigating to Administration > Account Management > Domains > New Sending Servers

Tip #5: Enable Mail Relay Prior to MX Record Change 

Prior to changing your MX record, enable relay for your domain for at least 30-60 minutes in the Proofpoint Web UI. You can accomplish this by going to Administration > Account Management > Domains and clicking the button to the right of your domain until it is shown as green like this example:  

Tip #6: Lock Down O365 to only allow email from Proofpoint

Ensure that the client's O365 environment will only accept mail from Proofpoint: How to Lock Down O365

 

Next Step: Cut over Mailflow by changing your MX Records and testing Mailflow

Once you are ready to cut over mailflow, follow the instructions in Cut Over Mail Flow Like A Pro