NAVANEM
Explainer · 5 min read · Jun 26, 2026 · 06:33 UTC

MX Record Bypass: How Attackers Skip Third-Party Spam Filters

MX record bypass lets attackers deliver email directly to Microsoft 365, skipping third-party spam filters. In Q1 2024, SEG-bypassing phishing rose 52.2%. Here is how to close the gap.

by Emanuel De Almeida

[Illustration: malicious email bypassing third-party spam filters and delivering directly to Microsoft 365 mailboxes through a direct mail endpoint]

TL;DR

  • Every Microsoft 365 tenant has a predictable default MX record (domain-tld.mail.protection.outlook.com) that stays open even when your public MX points to a third-party filter.
  • Attackers can send phishing or malware directly to that endpoint using only a DNS lookup and a free SMTP test tool, skipping the external filter entirely.
  • Enhanced filtering (skip listing) reduces Exchange Online Protection (EOP) scanning at the same time, so direct-path mail can pass both layers unchecked.
  • The fix is a connector restriction that blocks inbound SMTP from any source except your approved filter's IP ranges.
  • Test your own tenant now: if a message sent to the default MX endpoint lands without third-party filter headers, the gap is open.

MX record bypass is a technique where an attacker sends email directly to a Microsoft 365 tenant's default mail endpoint, skipping any third-party spam or security filter in front of it. Microsoft publishes a predictable MX hostname for every tenant domain, so the direct path is easy to find - and easy to exploit when inbound restrictions are not locked down.

What Is MX Record Bypass?

Every Microsoft 365 domain gets a default MX (Mail Exchanger) record in the format domain-tld.mail.protection.outlook.com. This record exists even when an organization routes inbound mail through a third-party cloud spam filter. Attackers who find this hostname can send email directly to Exchange Online, completely skipping the external filter. In our review of client configurations, messages sent this way land in inboxes with no third-party filter headers at all - as if the filter never existed.

This is not a software vulnerability. It is a configuration gap - a door left unlocked because the tenant was never told to close it.

How Does MX Record Bypass Work?

The attack path needs almost no skill or special tooling. Microsoft generates the default MX record the moment a domain is added to a tenant, and that record is publicly resolvable via standard DNS queries. Anyone can find it.

Once the attacker has the hostname, they point any SMTP client or online test tool at port 25 and address the message to a valid mailbox. As explained in this technical walkthrough by Ali Tajran, a simple web-based SMTP test tool is enough to complete delivery. Analyzing the message headers afterward confirms it: the third-party filter never touched the message.

The steps at a high level:

  1. Run a DNS lookup to find domain-tld.mail.protection.outlook.com
  2. Connect to that hostname on port 25 using any SMTP client or test utility
  3. Address the message to a real user in the tenant
  4. Check headers - no third-party filter stamps appear

This threat does not exist in isolation. Phishing campaigns delivered through SEG bypasses have grown sharply: Egress reported a 52.2% rise in phishing attacks that bypassed Secure Email Gateway detection in Q1 2024, and 84.2% of those phishing emails passed DMARC authentication - the very protocol most SEGs rely on to verify senders.

[Chart: Phishing Emails Bypassing SEG Detection - Key 2024-2025 Metrics. Source: Egress Phishing Threat Trends Report October 2024 and Zensec 2025 Phishing Statistics]

Why Does the MX Record Bypass Matter for Sysadmins?

Organizations using a third-party spam filter assume all inbound mail passes through it. That assumption breaks the moment an attacker - or even an automated botnet - finds the direct MX path. The organization paid for and configured a filter that anyone can walk around in minutes.

The scale of the threat makes this gap consequential. Microsoft blocked 35.7 billion phishing and malicious emails in 2025 across Microsoft 365 and Outlook.com - roughly 97.8 million per day. When a single configuration gap routes traffic around a filter, even a small percentage of that volume becomes a serious exposure.

When we tested this against a lab tenant, a message sent to the raw mail.protection.outlook.com endpoint bypassed a configured third-party filter and landed in the inbox within seconds. No alerts fired. No quarantine entry appeared. The gap was silent.

For context on how access brokers turn exactly this kind of quiet entry point into a full breach, see our coverage of the Mistic Backdoor tied to KongTuke ransomware broker.

How Enhanced Filtering Makes the MX Record Bypass Worse

When you enable enhanced filtering (skip listing) in Exchange Online, you tell EOP to defer its own judgement and trust the upstream third-party filter. That is correct behavior for normal mail flow. The problem is what happens to direct-path traffic.

Mail arriving via the direct MX path skips the third-party filter. EOP then receives it with enhanced filtering active - meaning EOP also reduces its own scanning. Both protection layers apply reduced scrutiny to the same message. The Microsoft Learn documentation on enhanced filtering for connectors explains how skip listing is designed for legitimate upstream hops, not as a blanket trust grant for all inbound sources.

Running both filters in full-inspection mode creates a separate problem: messages get double-scored and legitimate mail gets blocked. The accepted architecture is one active primary filter, with EOP deliberately dialed back when a third-party product takes the primary role. That is why the direct-path gap is so damaging - it exploits the configuration that makes the recommended architecture work.

EOP vs. Third-Party Spam Filters: Which Layer Does What?

Factor                        | Exchange Online Protection (EOP)                 | Third-party cloud spam filter
------------------------------+--------------------------------------------------+----------------------------------------
Position in mail flow         | Final delivery hop inside Microsoft 365          | Sits upstream; public MX points to it
Enabled by default            | Yes, always active                               | Requires DNS and connector setup
Effect of enhanced filtering  | Reduces own scanning to avoid double-scoring     | Receives all inbound mail first
Vulnerability to MX bypass    | Partially blinded when enhanced filtering is on  | Bypassed entirely via direct MX path

How Do Attackers Locate the MX Record Bypass Endpoint?

Microsoft's naming convention follows a fixed pattern. Given a domain name, anyone can predict the default MX hostname with no special reconnaissance. For a domain example.com, the record is example-com.mail.protection.outlook.com - hyphens replace dots in the domain portion. No credentials, no API access, no inside knowledge needed. A basic DNS query confirms it in seconds.

Free MX lookup tools such as MXToolbox return this value instantly. The same tools threat actors use for routine reconnaissance expose the endpoint as a side effect. This is why CISA's phishing guidance consistently emphasizes closing unauthenticated inbound paths rather than relying on detection alone.
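The same derivation can be run from the defender's side to inventory your own domains. The PowerShell below is an added example, not code from the article: it builds the default endpoint name from a domain using the hyphen-for-dot convention described above, resolves the public MX with Resolve-DnsName (Windows DnsClient module), and reports whether a third-party filter sits in front while the default endpoint is still live. The domain example.com is a placeholder. DNS alone cannot tell you whether the inbound connector is restricted; it only shows that the direct path exists and is worth testing.

```powershell
# Added example (not the article's own code): derive a tenant's default MX
# endpoint and compare it with the public MX record.
# Assumes Resolve-DnsName (Windows DnsClient module); 'example.com' is a placeholder.
function Get-DefaultM365MxHost {
    param([Parameter(Mandatory)][string]$Domain)
    # Microsoft's convention: dots in the domain become hyphens, one label.
    $label = $Domain.Trim().ToLowerInvariant().TrimEnd('.').Replace('.', '-')
    return "$label.mail.protection.outlook.com"
}

function Get-MxExposureReport {
    param([Parameter(Mandatory)][string]$Domain)
    $defaultHost = Get-DefaultM365MxHost -Domain $Domain

    # Public MX hosts, lowest preference first (A records returned alongside are dropped).
    $publicMx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.NameExchange } |
        Sort-Object Preference |
        Select-Object -ExpandProperty NameExchange

    # If the default endpoint resolves, Exchange Online will accept mail there
    # regardless of where the public MX points.
    $defaultResolves   = [bool](Resolve-DnsName -Name $defaultHost -Type A -ErrorAction SilentlyContinue)
    $thirdPartyInFront = [bool]($publicMx -and ($publicMx -notcontains $defaultHost))

    [pscustomobject]@{
        Domain            = $Domain
        PublicMx          = ($publicMx -join ', ')
        DefaultEndpoint   = $defaultHost
        DefaultResolves   = $defaultResolves
        ThirdPartyInFront = $thirdPartyInFront
        # A filter in front plus a live direct endpoint is the configuration that
        # needs a connector restriction; DNS cannot show whether one is in place.
        DirectPathExists  = ($thirdPartyInFront -and $defaultResolves)
    }
}

Get-MxExposureReport -Domain 'example.com' | Format-List
```

Run it against every accepted domain in the tenant; any domain reporting DirectPathExists = True should be covered by the connector restriction described in the fix section and confirmed with a delivery test.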

According to Zensec, 57.9% of phishing emails detected between September 2024 and February 2025 were sent from compromised legitimate accounts, meaning they bypassed authentication-based filters by appearing to come from trusted senders. Direct MX delivery compounds this: an attacker spoofing a trusted sender via the raw endpoint faces no upstream filter challenge at all.

For a related example of how callback phishing exploits trusted delivery paths, see our article on callback phishing via the Shop App targeting 875 million users.

How to Close the MX Record Bypass Gap

The fix is a connector restriction in Exchange Online. Configure the inbound connector to accept SMTP connections only from the IP ranges your third-party filter publishes. Everything else gets rejected before EOP processes it.

High-level steps:

  1. Obtain the full list of outbound IP ranges from your third-party spam filter vendor
  2. In the Exchange admin center, open the inbound connector that receives mail from that filter
  3. Set the connector to require that the source IP matches those ranges
  4. Test by sending a message directly to domain-tld.mail.protection.outlook.com from an unlisted IP - it should be rejected
  5. Verify legitimate mail still flows normally through the approved path
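The connector restriction from steps 1 to 3, and the enhanced-filtering pairing discussed earlier, can also be applied and audited with Exchange Online PowerShell. The script below is an added example, not the article's or Microsoft's own code. It assumes the ExchangeOnlineManagement module is installed, that the connector receiving mail from the filter is named ThirdPartyFilter (a hypothetical name), and it uses RFC 5737 documentation ranges as placeholders for the vendor's published list; substitute the real values from step 1.

```powershell
# Added example (not the article's own code): restrict the inbound connector to
# the third-party filter's published ranges, pair it with enhanced filtering,
# and audit every inbound connector afterwards.
# Assumptions: ExchangeOnlineManagement module installed; connector name
# 'ThirdPartyFilter' is hypothetical; the ranges are constructed placeholders.
Connect-ExchangeOnline

$connectorName = 'ThirdPartyFilter'
$filterRanges  = @('203.0.113.0/24', '198.51.100.0/24')   # constructed placeholders

# RestrictDomainsToIPAddresses makes Exchange Online reject mail covered by the
# connector's SenderDomains ('*' = every domain) unless it arrives from one of
# SenderIPAddresses, so a message sent straight to the default MX endpoint from
# an unlisted source is refused before EOP evaluates it.
# EFSkipLastIP tells EOP to skip only the filter's hop when locating the true
# sender, rather than extending trust to every inbound source.
Set-InboundConnector -Identity $connectorName `
    -SenderDomains '*' `
    -SenderIPAddresses $filterRanges `
    -RestrictDomainsToIPAddresses $true `
    -EFSkipLastIP $true

# Audit: flag connectors that still accept unlisted sources, and the worst case
# where enhanced filtering is on but the connector is unrestricted.
function Test-InboundConnectorLockdown {
    param([Parameter(Mandatory)]$Connector)
    $problems   = @()
    $restricted = [bool]$Connector.RestrictDomainsToIPAddresses
    $hasRanges  = [bool]($Connector.SenderIPAddresses | Where-Object { $_ })
    $efEnabled  = ([bool]$Connector.EFSkipLastIP) -or [bool]($Connector.EFSkipIPs | Where-Object { $_ })
    if (-not $hasRanges)  { $problems += 'SenderIPAddresses is empty' }
    if (-not $restricted) { $problems += 'RestrictDomainsToIPAddresses is off: unlisted sources are accepted' }
    if ($efEnabled -and -not $restricted) {
        $problems += 'enhanced filtering is on while the connector is unrestricted: direct-path mail gets reduced scrutiny from both layers'
    }
    return $problems
}

foreach ($c in Get-InboundConnector) {
    $issues = Test-InboundConnectorLockdown -Connector $c
    if ($issues.Count -gt 0) { Write-Warning ("{0}: {1}" -f $c.Name, ($issues -join '; ')) }
    else { Write-Host ("{0}: restricted to {1}" -f $c.Name, ($c.SenderIPAddresses -join ', ')) }
}
```

Two caveats when using this: the vendor's outbound ranges change over time, so the SenderIPAddresses list needs an owner and a review cadence, and the restriction only closes the gap if every inbound connector that covers your domains is restricted, which is why the audit loop walks all of them rather than only the one you edited.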

For a worked example of connector and mail-flow configuration in Exchange Online, our Exchange OWA brute-force protection guide covers the admin center patterns you will reuse here. If you manage connector objects via PowerShell, the same automation approach in our distribution group migration guide applies to connector scripting as well.

Key Takeaways

  • Every Microsoft 365 tenant has a default MX record in a predictable format, regardless of what the public MX record points to.
  • Sending mail directly to that default endpoint bypasses any third-party spam filter in front of the tenant.
  • Enhanced filtering reduces EOP's own scanning on the same traffic, so direct-path mail can pass both layers with minimal scrutiny.
  • The fix is restricting the inbound connector to accept SMTP only from your approved filter's IP ranges.
  • Test your own tenant: a message sent to the default MX record that arrives without third-party filter headers means the gap is open and needs immediate attention.

Frequently asked questions

Why does Microsoft 365 have a discoverable default MX record?

When you add a domain to a Microsoft 365 tenant, Microsoft automatically generates a default MX record in the format domain-tld.mail.protection.outlook.com. This record is publicly resolvable by design, which is convenient for legitimate mail flow but also exploitable if inbound mail restrictions are not enforced.

Does Exchange Online Protection stop mail sent directly to the default MX record?

Not reliably - not when enhanced filtering is enabled for a third-party filter. Enhanced filtering tells EOP to trust the upstream filter and adjust its own scanning accordingly. Mail arriving via the direct MX path bypasses the third-party filter and may also receive reduced EOP scrutiny, allowing spam or phishing to reach inboxes.

How can I test whether my Microsoft 365 tenant is vulnerable to MX bypass?

Use an external SMTP test tool, set the hostname to your tenant's default MX record (domain-tld.mail.protection.outlook.com), target a real mailbox, and send a test message on port 25. If it arrives and the message headers show no third-party filter processing, your environment is open to direct-delivery abuse.
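Reading the headers of the test message is where this check is usually done by eye (step 4 of the attack path above, and the test in this answer). The PowerShell below is an added example, not the article's code, that automates the verdict: it unfolds the raw headers, takes the connecting IP only from the Received line that EOP itself stamped (the one ending "by <tenant>.mail.protection.outlook.com"), and checks it against the filter's ranges. Earlier Received lines are written by whoever sent the message and can be forged, so they are deliberately ignored. The two header samples and the 203.0.113.0/24 range are constructed placeholders.

```powershell
# Added example (not the article's own code): decide from a delivered test
# message's headers whether it came through the approved filter or straight to
# the default MX endpoint. Headers and ranges below are constructed placeholders.

function Test-IPInCidr {
    param([string]$IPAddress, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    if (-not $bits) { $bits = 32 }                                   # bare address = /32
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$ip)) { return $false }
    $ipBytes  = $ip.GetAddressBytes()
    $netBytes = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    if ($ipBytes.Length -ne $netBytes.Length) { return $false }      # IPv4 vs IPv6 mismatch
    for ($i = 0; $i -lt $ipBytes.Length; $i++) {
        $take = [Math]::Min(8, [Math]::Max(0, [int]$bits - 8 * $i)) # prefix bits in this octet
        if ($take -eq 0) { break }
        $mask = (0xFF -shl (8 - $take)) -band 0xFF
        if (($ipBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
    }
    return $true
}

function Get-EopConnectingIP {
    param([string]$RawHeaders)
    $unfolded = $RawHeaders -replace "`r?`n[ \t]+", ' '              # join folded header lines
    foreach ($line in ($unfolded -split "`r?`n")) {
        # Only the hop EOP recorded is trusted:
        # "Received: from <host> (<ip>) by <tenant>.mail.protection.outlook.com ..."
        if ($line -match '^Received: from .*?\((\d{1,3}(?:\.\d{1,3}){3})\) by \S*mail\.protection\.outlook\.com') {
            return $Matches[1]
        }
    }
    return $null
}

function Get-DeliveryPathVerdict {
    param([string]$RawHeaders, [string[]]$FilterRanges)
    $ip = Get-EopConnectingIP -RawHeaders $RawHeaders
    if (-not $ip) { return 'no EOP hop found (was this delivered through Microsoft 365?)' }
    foreach ($cidr in $FilterRanges) {
        if (Test-IPInCidr -IPAddress $ip -Cidr $cidr) { return "via filter: EOP accepted the message from $ip (in $cidr)" }
    }
    return "DIRECT PATH: EOP accepted the message from $ip, which is not a filter address"
}

$filterRanges = @('203.0.113.0/24')   # constructed placeholder for the vendor's list

# Constructed headers: a message that passed through the filter before EOP.
$viaFilter = @'
Received: from example-com.mail.protection.outlook.com (10.0.0.5) by
 MBX0001.namprd00.prod.outlook.com (10.0.0.9) with Microsoft SMTP Server id 15.20.0000.000
Received: from mx1.filtervendor.example (203.0.113.10) by
 example-com.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server id 15.20.0000.000
X-FilterVendor-Verdict: clean
Received: from sender.example (192.0.2.44) by mx1.filtervendor.example with ESMTPS
'@

# Constructed headers: the same sender delivering straight to the default MX endpoint.
$direct = @'
Received: from example-com.mail.protection.outlook.com (10.0.0.5) by
 MBX0001.namprd00.prod.outlook.com (10.0.0.9) with Microsoft SMTP Server id 15.20.0000.000
Received: from smtp-test.example (192.0.2.44) by
 example-com.mail.protection.outlook.com (10.0.0.5) with Microsoft SMTP Server id 15.20.0000.000
'@

Get-DeliveryPathVerdict -RawHeaders $viaFilter -FilterRanges $filterRanges
Get-DeliveryPathVerdict -RawHeaders $direct    -FilterRanges $filterRanges
```

Paste the raw headers of your own test message into $RawHeaders (Outlook's message properties or the Message Header Analyzer both expose them) and load $filterRanges from the vendor's list; a DIRECT PATH verdict on a message that should have been rejected means the connector restriction is not yet effective.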

What is the fix for the MX record bypass problem?

Configure Microsoft 365 to reject any inbound SMTP connection that does not originate from your third-party spam filter's IP ranges. This is done through mail flow rules or connector restrictions in Exchange Online, so only mail that has passed through the approved filter gateway is accepted.

Tags: microsoft-365, email-security, spam-filtering, exchange-online, mx-record, eop
