Overview
What you’ll need:
- Trial subscription with Paubox (don't have one? sign up here!)
- A Microsoft 365 account (Business Basic, Standard, or Premium)
- Microsoft 365: Admin access to your organization's Microsoft Exchange Admin (https://admin.exchange.microsoft.com/#/homepage)
- Domain: Admin access to your organization's Domain Host (for ex. GoDaddy or Cloudflare)
- The smarthost value - provided by Paubox during setup
Note: Make sure you can log into Microsoft 365 & Domain Host as an admin before proceeding. If you don’t have login credentials or permissions, reach out to who set up your Microsoft 365 account and/or website.
What you’ll do:
- Domain: Update the records in your domain host
- Microsoft 365: Create a connector
- Paubox dashboard: List the email addresses for secure sending, and upload your organization's logo
- Test: Send a test email & see it in your Paubox dashboard
Questions? Stuck? We’re here for you! support@paubox.com
![]()
Step-by-step guide
Part I: Your domain - update your records
- Log in to your domain host
- Click on the Control Panel (may also be called DNS Zone Editor, or just DNS)
- If you see a record of type TXT with a value similar to: v=spf1 include:spf.protection.outlook.com -all
- Edit the record and insert "include:_spf.paubox.com" just before the -all; for example:
v=spf1 include:spf.protection.outlook.com include:_spf.paubox.com -all - Note: there may be other "includes" or IP numbers in the record, that is fine, just insert the "include:_spf.paubox.com" right before the -all
- Click Save
- Edit the record and insert "include:_spf.paubox.com" just before the -all; for example:
- If you do not see a record of type TXT that starts with v=spf1, create a new one:
- In the Records section, click Add (may also be called Add Record)
- For Type, enter TXT
- In the Host Field, type: @ (if it does not accept the @ symbol, enter your domain)
- In the TXT value or Text field, type this line:
v=spf1 include:spf.protection.outlook.com include:_spf.paubox.com -all
- Leave the default value in the TTL field
- Click Save
Part II: Microsoft 365 - create a connector
- Log in to the Microsoft 365 Exchange Admin Center using admin-level credentials (https://admin.exchange.microsoft.com/#/homepage)
- In the navigation pane on the left, click mail flow. Then click connectors. You should see a screen like this:
1.png?width=688&height=352&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)1.png)
- Click + Add a connector
- On the pop-up window that follows, select From: Office 365 and To: Partner organization.
2.png?width=688&height=447&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)2.png)
- Then click Next
- Under *Name: enter Paubox. Make sure the checkbox labeled Turn it on is checked, then click Next
3.png?width=688&height=456&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)3.png)
- On the next screen, under Specify when you want to use this connector., select Only when email messages are sent to these domains
4.png?width=688&height=516&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)4.png)
- In the Add domain field, enter * then click the blue box with the + sign
5.png?width=688&height=412&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)5.png)
- Click Next
- Choose Route email through these smart hosts
6.png?width=688&height=494&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)6.png)
- During setup, you'll be provided with the smarthost value to enter in the In the "add smart host" box
- Enter the provided smarthost, then click then click +
- Click Next
- On the next screen, make sure Always use Transport Layer Security (TLS) to secure the connection (recommended) and Any digital certificate, including self-signed certificates are selected. Click Next.
7.png?width=688&height=344&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)7.png)
- Click Next again
- On the next screen, enter a test email address as the validator email address: paubox15@gmail.com
... and then click the box with the blue + sign - Click Validate
8.png?width=688&height=406&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)8.png)
- After the test is successful, click Next
- Next, click Create Connector
9.png?width=688&height=496&name=kb_Outbound%20Security%20setup%20for%20Microsoft%20365%20(detailed)9.png)
- Click Done
- The Paubox connector for Microsoft 365 is now live.
Part III: Paubox dashboard - enter email addresses; upload logo
- Navigate to the Paubox dashboard (https://www.paubox.com & "Sign In")
- Log in with your email address and password (not sure? click "Forgot your password?")
- Click on "Encrypted Senders" and "Add Single Sender" to enter every email address that should be sending securely via Paubox if not already listed (at your limit? email support@paubox.com)
- Click on "Overview" and under "Domain Settings" upload your organization's logo
Part IV: Test email
Sending a test email
- Log in to your email account
- Compose a new email to: paubox15@gmail.com with the subject: Test
- Enter anything you like in the message body, and click Send
- Congratulations! You have sent your first secure email via Paubox!
Verifying a test email
- Navigate to the Paubox dashboard
- Log in with your email address and password (not sure? click "Forgot your password?")
- Under Outbound, click on Statistics
Verify green bar graph shows outbound email count passing through our servers
4. Under Outbound, click on Mail Log
Verify that your test email to paubox15@gmail.com appears in the log
In addition, check your email inbox for replies to the emails you send - and note the security footer that appears on the bottom of your messages, confirming they were sent securely via Paubox.
Note: internal emails (sent to people in your organization) are secure, but will not have the security footer at the bottom.