Category Archives: Relay

Configure SendGrid in Microsoft Azure for email campaigns and smtp relay

With Microsoft Azure and SendGrid sending email campaigns for the organization will be a lot simpler. The SMTP relay configuration on applications for developers will be hassle free and much secure. We can go up to two SendGrid subscriptions on every azure account. Sendgrid gives a lot of adaptability towards utilizing either webapi on the application sending messages or to utilize the normal SMTP relay configuration.

This article outlines the steps carried over to create send grid accounts in Microsoft Azure.
Login to azure portal – Search for SendGrid and create SendGrid account.

We must select the pricing tier. Good thing is that we get F1 free with Azure subscription of 25000 emails per month which has custom API integration with advanced tracking mechanism.

Once created we must run through few initial configuration steps.

Now once the account is created, we would need to authenticate our domain so that the send grid can send emails on behalf of our registered domain.

We need to add the cname records on our DNS portal.

Once after entering the domain we have options to use automated security which will rotate the DKIM keys for our domain, custom return path and use custom DKIM selector.

Create the associated CNAME records for SMTP and DKIM on our public DNS.

Once after publishing the records our domain validation will be successful.

Upon successful verification navigate to the setup option and choose first option to configure Web API or SMTP relay. If we are going with the latter option we just need to generate the API key and use them on the php file or the api depending on the workload of the website which requires this service.

Now we have two options to set up using webapi or SMTP relay

Once completed the below integration we get the option to use API key and regular SMTP relay on the application

One of the best things is that we do have an option to create multiple API keys. This is ideal for developers to use their own API keys which will be tracked and used only by them.

We still do have multiple options to further reiterate the permission levels while creating the API keys. Once the API keys are created it will be displayed only once on the portal and can’t be seen again. This is for security concern and must be copied and shared with the application developer who would be using this API key to send emails.

Plentiful  of options available on the email tracking with send grid like people who have opened, clicked,unsubscribed , emails bounced and all of the actions which are available below.

Below options are present in Suppression

There is design library and template section which is very useful and can be used to create email campaigns

We have decent options to create a well drafted marketing email. There is sufficient amount of modules that can be used for a perfect email campaign.

Before sending the email to all audiences we have option to send test with few recipients and below is the test email received from sendgrid.

There are few templates available in the design libraries which can be utilized for creating new marketing templates.

We have full and partial html and can choose the best html based on our experience.

Statistics overview gives much detailed information on the email campaign delivery and customer interests.

On the activity field we can see the detailed information on the recent mass campaign sent through sendgrid

On a attempt to send an email from an unverified sendgrid account we do get immediate bounce back

Spam Reports are triggered when a user who receives the email marks them as spam button or places the email in their spam folder within their email client gmail,yahoo or other service providers.

With Microsoft Azure and very few clicks we can enable organizations to have a fully capable email campaign and modern smtp relay solution.
This avoids the major efforts of creating a dedicated server on the on premise network , creating allow lists , configuring permissions, performing timely updates ,securing and maintaining them.We need to ensure that the sendgrid SPF,DKIM records are populated in the DNS portal to get aligned with the email authentication policy.

Thanks & Regards

Sathish Veerapandian

Sending Mass Mailers ,Marketing Emails, News letters via Exchange ?

At times we might get requirement where we want to  send mails in bulk from our messaging system to internal/external users for business case.

Though sending bulk emails is not at all advised due to many factors but however when business demands we do not have any other option other than going further.

The business may demand where we need to configure our mailing system to send advertisements, newsletters to the partners, customers in a week , in a day or even in every 2 hours.

We  would need to configure this requirement  in a way that it should not be getting affected on the below parameters :

a) Without affecting our normal email operations and without affecting our messaging system performance.

b) Without getting blacklisted as a spammer.

c) The Mass email that we send should Land-Up in the end users inbox ,not in spam folder and shouldn’t be trapped in their filters.

Based on industry best practices i have collected few points which can be taken into consideration when we plan for this type of requirements:

1) Determine how the mass mails are going to be sent  from which application ( Whether its internal ip  or external ip). Then  the mass mailers recipients ( whether it goes only to internal recipients or to both internal and external recipients). If its for internal recipients only the job wouldn’t be more complex.

2) If its going to be from an external IP then better don’t allow to relay these bulk emails through your domain.

3) Its not advised to allow sending bulk emails from an unregistered external ip to external users  from your domain since your IP and domain will get blacklisted in a matter of day.

4) If still there is a requirement to send mass mailers from external IP’s make sure the below are met :-

a) Send the mail using a known and registered sender address(domain) of which the domain part is traceable using reverse lookup, and has a valid  SPF.

b) Make sure they send all the emails with the correct subject ,message bodies, unsubscribe and adhere to all the local and legal requirements.

c) Try convincing the marketing team or the team who sends bulk email  to use  a different domain and a different IP address as your connecting IP  will  get blacklisted easily and will affect your production emails.

5) There are few SMTP appliance that can be placed in the DMZ which can accept emails from the mass mailing apps and can do the job.

There are more number of cheap bulk emailing tools that will do this job easier, including dealing with bounces, unsubscribe requests etc. Its even better to outsource  this requirement to any one of them.

Since the major outsourced providers are doing this business for a while in the market they will have all the configurations and settings in place with the ISP’s which will increase the delivery success rate of these emails.


But still if you would like to go for the mass mailing for external IP’s domains to external users  through exchange make sure the below conditions are met :

1) Create a dedicated server (CAS+MBX) for doing this job. Configure relay on this server.

2) Create a new database , Create the sender mailbox alone on this new database.

3) Create additional number of transport servers for load balancing  since SubmissionServerOverrideList  switch cannot be used from Exchange 2013. If you add Exchange 2010 hub server for this then you can use SubmissionServerOverrideList for that DB to use only that HUB server which will not affect the other transport servers.

Also make sure the below values are set in the send connectors :

Maximum concurrent outbound connections: 1000 *

Maximum concurrent outbound connections per domain: 20*
Set-SendConnector -SmtpMaxMessagesPerConnection 200


Also make sure  that you alter and configure these values on the relay receive connectors according to the number of  bulk emails  :


Finally make sure these bulk emails are sent only during off business hours in-order to avoid load on the transport services during production hours.

Hope this helps !!


Sathish Veerapandian

MVP – Exchange Server

Steps to configure anonymous or authenticated relay in Exchange 2013

Basically there can be 2 types of relay which will be used in an organization for relaying applications.

1) Internal Relay: Which might be an application which submits emails to exchange and in turn it delivers emails to users mailbox as a daily report, faxes etc.,

2) External Relay: An application might send out fax like invoice, quotation etc., to an external vendor for daily operation purpose.In turn the vendor can also send out some automated emails like daily sales report to user’s mailbox.

In order for both the functionality to work we need to have relay configured on the exchange side

The submission of the relay can happen in 2 ways

1) Anonymous

This relay happens through anonymous connection which means any account within that subnet assigned in the relay connector is authorized to submit emails to the organization.

2) Authenticated

This relay happens only through specific authenticated account by which the emails are submitted to the exchange side from the application, fax etc.,

For the authenticated relay to happen first we need to Create/configure a service account for the applications/copier to use

In this article we will be seeing on how to configure relay permission on Exchange 2013

First open EAC and then click on Mail Flow

Select the required server and then click on + Sign


Type the name of the connector and then select Custom


Click next and now we need to assign the correct subnets and the ip address

Note:This is very important point since giving permission to unknown subnets will make the server to behave as an open relay which is ready to accept spam messages. Ensure that you are giving only to the known subnets which requires relay.


Now add the subnets


Click finish. And now we need to give permission accordingly to the type of relay that we are going to assign to this connector

1) Anonymous

2) Authenticated

First we will look on how to give anonymous permission

Double click or click on edit on the relay connector


Select anonymous users which is under security and click save


Now we need to give required authentication to this anonymous users account for this connector. This can be done in 2 ways

Through Exchange Management Shell

Through ADSI Edit

We will see on how to grant permission through ADSI edit.

Open adsiedit and navigate to below location


Click security and select anonymous logon and click submit messages to any recipient

Note: This permission should be granted only on relay connectors and it should never be granted on default receive connector.


Follow the same steps for authenticated relay except for giving permission to anonymous user account give submit messages to any recipient permission to the associated service account.

Also you can run the below command to grant permission on anonymous account for relay connector alone.
Get-ReceiveConnector “Anonymous Relay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

Sathish Veerapandian

%d bloggers like this: