Use Office 365 or Exchange Server with Stax

Office 365 and Exchange Server require some extra configuration to work with Stax

Article Tags
On This Page
Before you beginWhy do I need to do this?WorkaroundsHow do you know this worked?See Also

If you want to start using Stax with Office 365 or Exchange Server, you'll need to implement one of two potential workarounds.

Before you begin

  • Estimated time to complete: 30 minutes
  • You need to be a member of Organization Management in your Office 365 tenancy or your Exchange Server organization

Why do I need to do this?

Stax assumes your email platform supports subaddress extensions for email addresses (RFC5233). If your email platform, such as Office 365 or Microsoft Exchange Server, does not support subaddress extensions, you'll need to follow the guidance in this article.

When an account is provisioned in Stax, a unique identifier is generated for it, in the format of a Universally Unique Identifier (UUID). Each account requires a unique email address, so Stax uses this UUID to generate an email address. For providers that support RFC5233 subaddress extensions, this is as simple as creating a single mailbox and using the format account+<uuid> This would result in all emails being delivered to the _account@example.com_ mailbox. In Office 365 and Exchange Server, some configuration is required to allow a similar functionality to occur.


While Stax cannot provide support for your email platform, there are two known workarounds that allow Stax's dynamic email address generation to function in organizations that are unable to support RFC5233 addressing. The first option (catch-all domain) is preferred as it takes a "set and forget" approach. It is slightly more involved and will require action from your Office 365/Exchange Server administrator, however is considerably more reliable. The second approach (manually provisioned aliases) may be required in environments with stringent compliance/configuration requirements.

Configure a Catch-All Domain

This approach creates a new email domain within Office 365/Exchange Server that is dedicated to receiving emails for AWS accounts. Any email to this domain is delivered to a specific mailbox within Office 365/Exchange Server, in a similar fashion to how an RFC5233 compliant server would function.

  1. Determine the email domain to be utilised. This should probably be beneath an existing domain you own (, but could also be an entirely new domain you purchase (

  2. Create a single "AWS Accounts" mailbox in your normal fashion, with an address on your regular email delivery domain:

  3. Create an internal relay domain in Office 365/Exchange Server

    Office 365:

    1. Add the domain to Office 365 following Microsoft's guidance
    2. Convert the newly added domain to the InternalRelay type:
      Set-AcceptedDomain -Identity -DomainType InternalRelay

    Exchange Server:

    1. Add the domain and set it as the InternalRelay type:
      New-AcceptedDomain -Name `
          -DomainName `
          -DomainType InternalRelay
  4. Create the appropriate DNS records for the domain with your DNS provider (MX, SPF, DKIM, DMARC, etc.)

  5. Create the Exchange transport rule to deliver mail for this domain to the new mailbox

    New-TransportRule -Name " catch-all" `
        -RecipientDomainIs "" `
        -RedirectMessageTo "" `
        -Comments "Redirects all messages for * to"

Once this configuration is in place, Stax can be configured to use any email address format, as long as the domain is exactly For example, ${Stax::AccountId} would be a perfectly acceptable format.

Manually Provision Aliases

The second option, while considerably more straightforward, does require ongoing effort.

  1. Create a single "AWS Accounts" mailbox in your normal fashion, with an address on your regular email delivery domain:
  2. Each time you create new accounts in Stax, you'll need to update your mail system to add the SMTP address aws-accounts+<account-uuid> to this mailbox

You can find the account's UUID by querying the Stax API or within the Stax console by selecting the account on the Accounts page and reviewing the UUID displayed in the address bar. For example, https://<your-stax-url>/accounts/account/98a39a4e-be1f-47bf-8f42-4c12b7e9422a represents an account with the UUID 98a39a4e-be1f-47bf-8f42-4c12b7e9422a, so would be configured to use the email address _aws-accounts+98a39a4e-be1f-47bf-8f42-4c12b7e9422a@example.com_.

How do you know this worked?

Next time you create an AWS Account in the Stax Console or API, you'll receive emails for the account to the designated Office 365 or Exchange Server mailbox.

See Also