Requesting SMTP Relaying for sending unauthenticated email

This document describes the campus unauthenticated SMTP relay service and when it might be appropriate to request relaying services. Please note that unauthenticated relay services are only available to UW-Madison campus IP space and explicitly not available to end user workstations or campus mail servers.

What is SMTP Relay?

An SMTP relay allows Campus servers and devices to programmatically send mail from their applications to their target users without having to run their own mail server. SMTP relaying is necessary when your server, application or device is unable to authenticate to and you need to send email programmatically to recipients that are off-campus and the list of recipients may not be known before the email is generated. This service is limited to campus IP space and is protected by the campus firewall to insulate it from potential spammer access.

Microsoft 365 customers may not need an SMTP relay in all cases. If you are a server or application administrator, please see the following guide to help determine what option is best for your needs: Microsoft 365 - Options for Individual and Programmatic Sending

Terms of Use

  • The unauthenticated relay is only available to systems, services or devices that are located on campus and sending email in support of UW-Madison Teaching, Research or Administrative activities.
  • Server and Service Owners must follow the UW System guidelines for Acceptable Use of Information Technology Resources.
  • Campus partner mail servers or servers that accept mail submissions on port 25 should not use the unauthenticated relay service.
  • Unauthenticated relay services is not available to end user workstations.
  • Use of the service is explicitly prohibited for sending spam, phishing or email with offensive content.
  • The relay service should not be used to send unencrypted HIPAA protected data (Protected Health Information, PHI) to non-UW-controlled email addresses. For more information, see UW-Madison Policy regarding Email Communications Involving Protected Health Information.
  • If the University receives a credible report that a violation of the Terms of Use has occurred, or if, in the course of managing the service, discovers evidence of a violation, then the matter will be referred for investigation, University disciplinary action, and/or criminal prosecution.

Submitting a Request

An SMTP Relay request is only necessary if your application or device is sending email to recipient addresses not hosted in our UW-Madison Microsoft 365 or Google Groups environment. If your application is hosted on campus and you are only sending to UW-Madison M365 or recipients then you may use the service without submitting a request.

To submit a request for SMTP relaying for a new IP address, fill out our SMTP Relaying request form.

If you are the admin of record for a relay you can make changes to an existing relay IP here List Relays.

Please contact the DoIT Help Desk with any other questions regarding relay requests.

Set Up

Once your IP is allowed to relay, you may use the following configuration to relay email.

  • SMTP Server:
  • SMTP Port: 25
  • Id/Password: This is not used. Please leave blank.
  • TLS/SSL: Enabled (where possible)
  • From Address: You must use a valid From address. This address should be a account that is hosted within the UW-Madison Office 365 tenant.

Important: The HELO/EHLO domain used by the application, server or device can not contain the & character

Note on TLS/SSL support: Encrypted communication is required for sending mail to certain external domains (e.g. For the full list of domains that require TLS see: Microsoft 365 - Email Domains that Require TLS

What is the difference between and

They are two different L4 VIPs but there is otherwise no functional difference between and

What IP addresses does the relay service use to send mail?

Relay mail may be sent from the following IP addresses:


These IPs are represented in our published SPF record

Does SMTP Relay support encrypted connections?

The SMTP Relay service offers opportunistic TLS through support of the STARTTLS command which offers a way to upgrade a plain text connection to an encrypted connection. SMTP Relay also forces TLS communication to certain external domains. For the full list of domains that require TLS see: Microsoft 365 - Email Domains that Require TLS.

Is there a message size limit when using SMTP Relay?

Can the relay service be used by off-campus infrastructure?

No, the unauthenticated relay service is not available to off-campus infrastructure. We now offer an Authenticated SMTP Secure Email Relay Service. That service is available to off-campus systems such as applications built on AWS EC2 instances, Lamdba serverless functions, or other 3rd party services. See SMTP Authenticated Secure Email Relay sending for more details.

Can the relay service be used to bypass DMARC requirements?

In some cases it can, but it also further complicates matters. Since the relay service effectively bypasses domain-level authorization of use of email addresses, it would be covering up the forging problem that DMARC would otherwise solve. We need to ensure that the systems we allow to relay have some level of control over who is allowed to send as arbitrary email addresses. We recommend that you consult with us to ensure your messages are DMARC compliant: Microsoft 365 - DMARC Consultation & Information Requests.

Is DKIM signing available?

All email that passes through the campus relay service is DKIM signed for the domain. The relay service does not support custom DKIM signing for specific domains. The application sending the mail will need to DKIM sign those messages if you need to sign for a different domain.

How can I achieve DMARC compliance using a third party email application or service provider without relaying?

  1. Third party email service providers are not allowed to use the domain they can only be configured to use subdomains of (e.g.
  2. For assistance with evaluating whether your email service provider is DMARC compliant, please see: Microsoft 365 - DMARC Consultation & Information Requests
  3. For more information about DMARC and Email Authentication see: Trust in Email Begins with Authentication

One-click Unsubscribe

If you are sending newsletters, calls for research participation, surveys or other forms of bulk mail, your messages need to offer support for one-click unsubscribe. Your application will need to add the appropriate headers to the email messages and handle unsubscribe requests. This is not a feature of the relay service.


Any abuse of this service will result in removal of relaying privileges for the offending IP address.


If you have any questions or would like to discuss relaying options, please contact

Keywordscampus relaying smtp requests sending email programmatically e-mail o365 office microsoft message size limit   Doc ID29362
OwnerO365 S.GroupMicrosoft 365
Created2013-04-08 14:50:47Updated2024-04-08 10:35:54
SitesDoIT Help Desk, DoIT Staff, Microsoft 365, Public Cloud
Feedback  2   0