From 5bfe21c064608bde3c17411fa37134daeca569e5 Mon Sep 17 00:00:00 2001
From: puneethmeister <3039750+puneethmeister@users.noreply.github.com>
Date: Fri, 9 Jul 2021 12:44:37 +0530
Subject: [PATCH] Update high-risk-delivery-pool-for-outbound-messages.md

---
 .../high-risk-delivery-pool-for-outbound-messages.md            | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/defender-office-365/high-risk-delivery-pool-for-outbound-messages.md b/defender-office-365/high-risk-delivery-pool-for-outbound-messages.md
index cb242360d3..cddb72ad71 100644
--- a/defender-office-365/high-risk-delivery-pool-for-outbound-messages.md
+++ b/defender-office-365/high-risk-delivery-pool-for-outbound-messages.md
@@ -78,3 +78,5 @@ In cases where we can authenticate the sender, we use Sender Rewriting Scheme (S
 For DKIM to work, make sure you enable DKIM for sending domain. For example, fabrikam.com is part of contoso.com and is defined in the accepted domains of the organization. If the message sender is sender@fabrikam.com, DKIM needs to be enabled for fabrikam.com. you can read on how to enable at [Use DKIM to validate outbound email sent from your custom domain](use-dkim-to-validate-outbound-email.md).
 
 To add a custom domains follow the steps in [Add a domain to Microsoft 365](../../admin/setup/add-domain.md).
+
+If MX record for your domain is pointed to a 3rd party or on-premises server, you should utilize Enhanced Filtering to ensure the SPF validation is correct for inbound email to avoid sending email through relay pool.