Basic Settings

365 Total Protection can only operate correctly if basic settings are made for all created domains after mailbox synchronization.

365 Total Protection can only protect your mailboxes if all incoming emails from senders outside your organization and all outgoing emails to recipients outside your organization are routed to our servers. The following requirements apply:

  • The MX records of the DNS zones of your domains point to our servers (see Adjusting MX Records). As a result, incoming emails from the domains are first routed to our servers. Our servers then forward the incoming emails to Microsoft 365.


    Our servers forward incoming emails to the address of the Microsoft 365 destination server that was automatically determined during the initial synchronization (see Setting up 365 Total Protection). Thus, this address does not need to be communicated to us separately.

    As soon as mailboxes are assigned a primary or secondary environment, our servers will no longer forward the incoming emails of the mailboxes to the automatically determined address, but to the addresses of the assigned environments (see Adjusting the Primary Environment Settings and Secondary Environments).

  • Your mailboxes can only receive emails that have been processed by our services. This requires setting up a connector in Microsoft 365 for inbound email traffic that allows only emails from our IP address ranges. This connector can be created automatically (see Configuring Inbound and Outbound Email Traffic Automatically).
  • The spam filter of Microsoft 365 is deactivated for the IP address ranges of our servers (see Deactivating the Microsoft 365 Spam Filter for the IP Address Range of Hornetsecurity). Otherwise, the Microsoft 365 spam filter would classify the emails we process as spam.
  • For outbound email traffic, a connector has been set up to redirect the outgoing emails from your mailboxes to our smarthost. Only then can our services process all outgoing emails to mailboxes outside your organization. After the processing, our smarthost sends the outgoing emails to their recipients. This connector can be created automatically (see Configuring Inbound and Outbound Email Traffic Automatically).
  • The SPF records of your domains point to our SPF records (see Adjusting SPF Records). This is the only way that the emails sent via our smarthost can be recognized as legitimate and accepted by the recipients' incoming email servers during an SPF check (see SPF Check).