Microsoft's Exchange Online service deprecated BASIC authentication at the beginning of 2023. Unfortunately, many companies use legacy applications that need to send outbound emails, and modifying these applications is costly and cannot be done fast enough. This page discusses an alternate approach for sending outbound emails with little or no impact on your existing applications.
The following diagram displays a network diagram of email flow before Microsoft enforced this change. Let's assume the following is true:
This logic worked fine until early 2023 but not anymore because Microsoft has deprecated BASIC Authentication.
A simple workaround to this problem is to configure your CRM application, so it sends its emails to another email server, such as Xeams, which can then deliver the message to the final recipient. The goal is to send outbound emails directly to the recipient's SMTP server, which will never require authentication.
The following network diagram displays how the emails flow once Xeams is introduced.
You will have to make the following changes in your environment for this to work:
v=spf1 include:spf.protection.outlook.com -all
v=spf1 include:spf.protection.outlook.com ip4:126.96.36.199 -allThe text above assumes your public IP address is 188.8.131.52.
The key point in this design is that authentication is never used. Emails destined for foreign domains, like @gmail.com or @yahoo.com, will not go through Exchange Online. Instead, they will go directly to the destination server, which will not require authentication.
Exchange Online will still receive emails sent to internal users since the message will come from an IP address in your SPF record.