On-Premise IP Address Is Blocked By Exchange Online Protection – 550 5.7.606-649 Access Denied

​As part of the hybrid deployment testing at a customer site, emails that were sent from an on-premise mailbox to an Office 365 user was always failing and the NDR was very clear as well. The Exchange Online Protection was blocking emails from the customer's outgoing public IP address.

More...

Below was the main error that was mentioned in the NDR by EOP.

550 5.7.606-649 Access denied, banned sending IP [IP address]; To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526653.​

​The issue is that the public IP address that is being used to send emails from on-premise Exchange to Office 365 (via EOP) is being blacklisted by Microsoft. The good thing is that Microsoft provides an easy way for submitting a request to get your IP address de-listed from the blacklist. 

There are three steps to follow to delist your ip address.

Navigate to https://sender.office.com

Punch in your email address and the IP address to be de-listed, fill out the captcha and click Submit.

Click the link in the email that Microsoft sends to confirm your email address.

The link will open up the same page as before, but you will be given the option to de-list your IP address.

Wait for Microsoft to action your request and your emails will be accepted by Exchange Online Protection.

It is a good idea to check your public IP addresses in the initial phase of the Office 365 project to avoid any surprises in PoC or after user migrations!​