Stop SendGrid emails from going to junk for your Office 365 users

Note

Before you implement this solution. We recommend you ensure that you’ve correctly set your SPF records to allow SendGrid to send on your behalf. See here for more info.

We had several customers get in touch with us today reporting that their SendGrid email is going straight to their junk folder. This was caused because an application configured with our customer’s Sendgrid details was used to send out spam email and subsequently blacklisted. Since all of our customers are set up with child accounts under our top level account, we all share the same IP. We identified the affected account and have fixed the issue, however there’ll a bit of lag time before our SendGrid IP is given the all clear.

In the meantime, we can at least ensure that the SendGrid mail is delivered to internal users. We can do this by adding our SendGrid account’s dedicated IP to our customer’s IP Allow list in the Exchange Connection Filter settings.

Here’s what to do if something like this happens to you.

Retrieve the IP for your SendGrid account

  1. Log into https://app.sendgrid.com/settings/ip_addresses with your SendGrid username and password
  2. Make a note of your Dedicated IP AddressesSendGrid Dedicated IP Addresses

How to add an IP to Office 365 Exchange Online Connection Filter for a single Office 365 tenant

  1. Connect to Office 365 Exchange Online as a Global or Exchange Admin. Follow our quick guide here for more info
  2. Edit and run this cmdlet to add your SendGrid dedicated IP to your Office 365 connection filter. Replace 999.999.999.999 with your SendGrid dedicated IP.
Set-HostedConnectionFilterPolicy -Identity default -IPAllowList @{add="999.999.999.999"}

 

How to add an IP to Office 365 Exchange Online Connection Filter for all Office 365 delegated tenants

Run this script as an Office 365 Admin with delegated permissions on your customers’ Office 365 tenants.

# This is the cmdlet you'll need to edit with your own SendGrid Dedicated IPs (replace 999.999.999.999). 
# If you're adding multiple dedicated IPs, format them as follows: @{add="999.999.999.999","999.999.999.999"}}
 
$ScriptBlock = {Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{add="999.999.999.999"}}
 
# Establish a Windows PowerShell session with Office 365. You'll be prompted for your Delegated Admin credentials
$Cred = Get-Credential
Connect-MsolService -Credential $Cred 
$customers = Get-MsolPartnerContract -All
Write-Host "Found $($customers.Count) customers for this Partner."
 
foreach ($customer in $customers) { 
    # Get the initial domain for the customer.
    $InitialDomain = Get-MsolDomain -TenantId $customer.TenantId | Where-Object {$_.IsInitial -eq $true}

    # Construct the Exchange PowerShell URL with the DelegatedOrg parameter.
    $DelegatedOrgURL = "https://ps.outlook.com/powershell-liveid?DelegatedOrg=" + $InitialDomain.Name

    Write-Host "Changing setting for $($InitialDomain.Name)"

    # Connect to your customers tenant and run the script block
    Invoke-Command -ConnectionUri $DelegatedOrgURL -Credential $Cred -Authentication Basic -ConfigurationName Microsoft.Exchange -AllowRedirection -ScriptBlock $ScriptBlock -HideComputerName
}

Was this article helpful?

Related Articles