An SMTP relay is used for sending unauthenticated email. SMTP relaying is necessary when your server application or device is unable to authenticate to Office 365 and you need to send email programmatically to recipients that are off-campus and the list of recipients may not be known before the email is generated. Please note that unauthenticated relay services are not available to end user workstations or mail servers. If you are running a mail server that accepts mail submissions you should not use the campus relay service to also send mail. To submit a request, fill out the form below.
An SMTP relay allows Campus users to programmatically send mail from their applications to their target users without having to run their own mail server. Commonly used for application servers that may generate high volumes of mail and are unable to authenticate to smtp.office365.com. Relay services can be used to send mail to both campus and non-campus mail addresses. This service is insulated from spammers by maintaining a table of IPs allowed to relay.
Office 365 customers may not need an SMTP relay in all cases. If you are a server or application administrator, please see the following guide to help determine what option is best for your needs: Microsoft 365 - Options for Individual and Programmatic Sending
To submit a request for a new SMTP relay fill out SMTP Relaying request form.
If you are the admin of record for a relay you can make changes to an existing relay IP here List Relays.
Please contact the DoIT Help Desk with any other questions regarding relay requests.
Once your IP is allowed to relay, you may use the following configuration to relay email.
Important: You must enter a valid From address. This address can be a firstname.lastname@example.org or email@example.com account that is hosted within the UW-Madison Office 365 tenant.
Note on TLS/SSL support: Encrypted communication is required for sending mail to certain external domains (e.g. uwhealth.org). For the full list of domains that require TLS see: Microsoft 365 - Email Domains that Require TLS
We recommend using smtp.wiscmail.wisc.edu. We will be retiring use of relay.mail.wisc.edu in the future.
Use of relay.mail.wisc.edu requires that the IP address of the device sending email be included in the WiscMail Relay table even if you are only sending to UW Madison Office365 addresses. There is otherwise no difference between smtp.wiscmail.wisc.edu and relay.mail.wisc.edu.
The SMTP Relay service offers opportunistic TLS through support of the STARTTLS command which offers a way to upgrade a plain text connection to an encrypted connection. SMTP Relay also forces TLS communication to certain external domains. For the full list of domains that require TLS see: Microsoft 365 - Email Domains that Require TLS.
Yes (AWS only.) In order to ensure that UW-reserved EC2 ElasticIP addresses are not released and reassigned to a non-UW account, you need to set up an AWS IAM permission to allow the DoIT Email service to periodically read the IP address information about your AWS account. Fill out the SMTP Relaying request form to get started setting up SMTP relay integration with AWS EC2 ElasticIP addresses.
For more information about sending email from AWS see: AWS - Sending Email from EC2 or Lambda.
In some cases it can, but it also further complicates matters. Since the relay service effectively bypasses domain-level authorization of use of email addresses, it would be covering up the forging problem that DMARC would otherwise solve. We need to ensure that the systems we allow to relay have some level of control over who is allowed to send as arbitrary email addresses. We recommend that you consult with us to ensure your messages are DMARC compliant.
If you have any questions or would like to discuss relaying options, please contact firstname.lastname@example.org.