If you are deploying Outlook Live mailboxes to supplement an existing on-premises messaging system, you may want to have a shared address space. A shared address space is when two different messaging systems share the same domain suffix.
There are two ways to configure a shared address space. This topic describes the on-premises relay configuration, in which all e-mail sent to recipients in the shared address space by a sender on the Internet is first delivered to the on-premises messaging system. The on-premises messaging system is responsible for forwarding e-mail addressed to recipients in Outlook Live.
You may also want to consider Shared Address Space with Outlook Live Relay. With Outlook Live relay, all e-mail sent to recipients in the shared address space by a sender on the Internet is first delivered to Outlook Live, and Outlook Live is responsible for forwarding e-mail addressed to recipients in the on-premises messaging system using mail users.
An example of on-premises relay
Contoso University uses the @contoso.edu address space for all faculty and staff e-mail addresses in an on-premises messaging system. Contoso University plans on giving all students Outlook Live mailboxes. However, Contoso University wants all faculty, staff, and students to use the @contoso.edu domain suffix for all e-mail addresses. All e-mail messages must leave the organization with an @contoso.edu From: address, whether the sender is in the on-premises messaging system or in Outlook Live. All incoming messages with an @contoso.edu e-mail address should be correctly delivered whether the recipient is in the on-premises messaging system or in Outlook Live. To achieve this goal, Contoso University has to implement a shared address space.
The following diagram illustrates the deployment of a shared address space for Contoso University.
Note the following key points:
-
All e-mail sent to any @contoso.edu recipient by a sender on the Internet is first delivered to the on-premises messaging system.
-
The on-premises messaging system is responsible for forwarding e-mail addressed to students in Outlook Live.
Required components for a shared address space
To make the shared address space work, you need the following components:
-
Multiple domains
-
Multiple e-mail addresses
Ironically, to configure a single shared address space, you need to configure multiple domains. The following domains are required for a shared address space:
-
The domain for the shared address space itself In this example, the shared domain is @contoso.edu. This is also the domain that is used for the on-premises messaging system.
-
A specific domain for mailboxes in Outlook Live In this example, the Outlook Live domain is @live.contoso.edu.
The Outlook Live domain must be different from the on-premises domain so e-mail is correctly routed between the on-premises messaging system and Outlook Live. Senders and recipients that are outside the organization don't care about the Outlook Live domain, but it is a vital part of making the shared address space work correctly.
Multiple e-mail addresses
A key ingredient to a shared address space is correctly configuring the e-mail addresses on mailboxes in the on-premises messaging system and in Outlook Live.
Here's how the e-mail addresses must be configured on all mailboxes:
-
The primary address The primary address is used as the From: address for all messages sent from the mailbox. There can be only one value for the primary address. In this example, everyone's primary address is in the shared address space @contoso.edu.
-
Proxy addresses Proxy addresses are additional addresses for a mailbox. Proxy addresses are also known as secondary e-mail addresses. The mailbox can receive e-mail sent to any of its proxy addresses. The primary address is always listed as a proxy address.
Here are the correct values for the primary address and proxy addresses for on-premises mailboxes and Outlook Live mailboxes.
|
|
On-premises mailboxes
|
Outlook Live mailboxes
|
|---|
|
Primary address
|
<user>@contoso.edu
|
<user>@contoso.edu
|
|
Proxy addresses
|
<user>@contoso.edu
|
-
<user>@contoso.edu
-
<user>@live.contoso.edu
|
How does e-mail delivery work in the shared address space?
When you share an address space between an on-premises messaging system and Outlook Live, one of the messaging systems must be configured as authoritative for the shared address space. When the messaging system is designated as authoritative for the @contoso.edu domain, all unresolved recipients generate a non-delivery report (NDR). This configuration prevents e-mail for nonexistent recipients from bouncing back and forth indefinitely between the on-premises messaging system and Outlook Live.
You configure the shared address space @contoso.edu in Outlook as a non-authoritative address space. If the @contoso.edu recipient isn't found in the Outlook Live shared address book, the message is forwarded to the on-premises messaging system for processing. If the recipient doesn't exist, the on-premises messaging system is responsible for generating the NDR.
If @contoso.edu is configured as the authoritative name space for the on-premises messaging system, how does the on-premises messaging system know to forward messages for valid Outlook Live recipients to Outlook Live without generating an NDR? The on-premises messaging system must be configured with a forwarding solution that converts the @contoso.edu recipients to @live.contoso.edu recipients. For example:
-
You create mail users or mail contacts in the on-premises address book for all Outlook Live recipients.
-
You use address rewriting from @contoso.edu to @live.contoso.edu for all unresolved @contoso.edu recipients.
Other forwarding solutions may also be available depending on the nature of the on-premises messaging system. Regardless of the forwarding solution that you use, make sure that e-mail for nonexistent recipients is handled correctly for both the on-premises messaging system and Outlook Live.
Examples of how e-mail is delivered
As noted earlier, the on-premises messaging system is configured to accept all incoming e-mail from the Internet for the shared address space. In the Contoso University example, all e-mail for the @contoso.edu domain is delivered to the on-premises messaging system. You accomplish this by configuring the MX record for the contoso.edu domain in an Internet-facing DNS server to point to the on-premises messaging system.
After the e-mail arrives, the on-premises messaging system is responsible for correctly determining if the recipient has a mailbox in the on-premises messaging system or in Outlook Live, and then delivering the message or forwarding the message as appropriate.
Here are two interesting e-mail routing scenarios in a shared address space:
-
E-mail sent to students in Outlook Live The messages could come from external senders on the Internet, or from faculty and staff in the on-premises messaging system. The on-premises messaging system is configured to forward e-mail for students in Outlook Live to Outlook Live. The required configuration depends heavily on the nature of the on-premises messaging system. For details, see Configure a Shared Address Space with On-Premises Relay.
-
E-mail sent from students in Outlook Live to faculty and staff in the on-premises messaging system The shared address space @contoso.edu is configured as an internal relay domain in Outlook Live. When the faculty or staff recipient isn't found in the Outlook Live shared address book, the message is routed to the Internet, and the contoso.edu domain points to the on-premises messaging system, so the message is delivered successfully.
Internal e-mail between recipients in the on-premises messaging system or between students in Outlook Live isn't so interesting. In both cases, the recipients are in their respective address books, so the message is delivered locally.
Likewise, outgoing e-mail to recipients outside the organization isn't very interesting. The on-premises messaging system uses its existing path to the Internet to deliver e-mail messages to the Internet for recipients outside the organization, and Outlook Live delivers messages directly to the Internet.
In the shared address space scenario, when incoming e-mail is first delivered to the on-premises messaging system before being forwarded to Outlook Live, the on-premises messaging system becomes a single point of failure. The Outlook Live domain can be functioning normally, but because something is wrong with the on-premises messaging system, e-mail can't be delivered to Outlook Live recipients.
Also, the on-premises messaging system is responsible for protecting messages that are forwarded to Outlook Live from spam and viruses. Failure to do so may cause the e-mail coming from the on-premises messaging system to be blocked or severely throttled by Outlook Live.