Office365 Catch-all email address

Office 365 runs on Exchange, which for some time has been without the ability to run a catchall account.

I’d advise against catch-alls for various reasons, so this info is at your own risk.

However if you really really need a catch-all setup, here’s how you can do it.


Let’s assume you registered your domain before moving to Office 365.


When you setup your Office365 account, you get a new email account setup in the format

What you may not know is that this is a valid email address in the ether, even after you have validated your domain and changed your primary address to be


So we can use this to our advantage. Login to your email control panel with your registrar, and create a catch-all email forward to – and voila!


This setup relies on you keeping the MX records with your existing host, and creating individual email forwards for each user/group etc in your Office365 plan, so you might have something like this in the registrar’s mail settings:

* => => => =>


The exact settings will depend on what you’ve setup thus far of course. You can also use this setup to mix-n-match using Office365 and POP3 accounts from your registrar, should you need to do so. You will also need to set the domain to be shared within the Office365 admin setup, so that it doesn’t reject messages to your POP accounts.

My legitimate email was rejected – why?

When mail servers receive incoming requests, they are now employing a variety of methods to determine if the sender is a spammer. These include;

–    IP realtime blacklists – checking with a database provider such as Spamhaus whether the server that is connecting is on a list of servers that is known to be sending spam

–    IP-block blacklists – checking (usually with a database provider but sometimes using other methods) whether the server that is connecting is connecting from an address that is contained in within a block of addresses known to be used by internet providers as a dynamic range; that is, users of these addresses are not static and in theory should not be running email servers. IP-Block blacklists can also be used to reject email from servers in particular countries, such as far-Eastern countries where a lot of spam comes from.

–    Checking whether the name reported by the connecting server (e.g. matches the IP address it is connecting from – this requires a DNS entry that correctly resolves to the mail server, and a PTR record for reverse lookup

–    Checking whether the email domain in the ‘from’ field has an SPF record, and if it does, whether the server sending this message is on the list. SPF is a DNS record which says ‘for our domain, only the following servers should be sending mail on our behalf; anyone else is probably just pretending to be us’

–    Greylisting – not accepting the message first-time around, and making the sending server retry; since spammers rarely bother retrying

–    Content filtering – looking at the content of the email, looking for keywords and phrases, layouts, etc to judge whether the email is likely to be legitimate. These are usually the most difficult to get right, since a subject matter that one company might consider spam, another might deal in buying and selling of such.


When an email is rejected you get an email back telling you that it was undeliverable – and crucially the reason it was undeliverable. Few people ever read these messages in-depth, but they contain the key to the reason your email was rejected.


If you are having difficulty sending emails from your email server, please give us a call, and we’ll ask you to forward the NDR (Non-delivery report) email to us for analysis.

Tags: ,