Sending Email in Azure

At some point, most people using Azure will find they need to send email from an application they are running in Azure. When this happens, the first response is either to create a mail server running in your Azure network or to use an existing external mail relay you already have running. If you try this, you’ll quickly find that it doesn’t work, and none of your inbound or outbound email traffic is going anywhere. Let’s take a look at why this is the case, and how you can best send email from inside of Azure.

The Problem

The root of this issue is that Microsoft block outbound traffic on port 25. This means that if you try and use an external mail relay, then your requests will not reach it, and if you try and run your mail server in Azure, it will not be able to send any mail out.

Microsoft does this to prevent the use of Azure by Spammers and avoid open relays being used as targets for sending Spam mail. Other cloud providers may take a different approach to this, but this is Microsoft’s stance. If you’re using Azure, you need to work with this.

So how can we send mail in Azure?


1. Subscription Types

Not all subscriptions are equal with regards to the block on port 25 traffic. If you have one of the following subscription types you will be able to send outbound port 25 traffic:

  • Enterprise Agreement Subscription
  • Pay as You Go subscription created before November 15 2017

If you have either of these types of subscriptions then from a technical perspective, you will be able to send outbound mail on port 25. However, this does not mean the destination will accept these emails. Mail coming from a cloud provider has a higher chance of coming from an IP on a Spam blacklist and risking rejection. So even if you technically can send an email on port 25 from your subscription, you may not want to.

2. Use A Different Port

If you’re running your own mail server/relay outside of Azure, then you can still use it, but you need to connect to it using a port other than 25. This usually means using a relay that requires authentication, connecting on port 587 or 443. This traffic will be allowed out of any Azure Subscription.

3. Office 365 Exchange Online

If you’re using Office 365 with Exchange Online then already have a mail server you can use to send email from Azure. Exchange Online supports authenticated relay on port 587, so all you need is an account to send mail from.

4. SendGrid

SendGrid is a third-party solution for sending an email which you can purchase and use through the Azure portal. Azure customers can send up to 25,000 emails per month for free. SendGrid provides both an HTTP API for sending mail and an authenticated relay for more traditional methods.

5. Other Third-Party Providers

While SendGrid is one of the more straightforward third party providers to use with Azure, there are plenty of other third-party mail providers you can utilise with Azure, so long as you can use them on a port other than 25.

Further Reading

Troubleshoot outbound SMTP connectivity problems in Azure