/
Adding New Domains to Proofpoint

Adding New Domains to Proofpoint

1. Add Domain and Destination for Inbound Mail

(Steps 1-4 can be complete prior to day of migration)
Navigation: System → Inbound Mail

Click Add to create a new inbound domain entry.

Destination Rules

  • Standard format: domain-com.mail.protection.outlook.com

  • If the domain contains a dash (-), retrieve the destination directly from Microsoft 365 (format varies).

    • Example: stafford-insurance.comstaffordinsurance-com02b.mail.protection.outlook.com

Screenshot 1 – Adding inbound domains in PoD

download.png

2. Assign Domain to Inbound Spam Policy

Navigation: User Management → Groups → #_Inbound_Spam Policy

Move the new domain from Inbound/Outbound DomainsSelected Domains. This enables inbound spam scanning for the domain.

Screenshot 2 – Domain assignment inside Group Policy

download.png

3. Add DKIM Key for the Domain

Navigation: Email Protection → Email Authentication → DKIM Signing → Keys

Steps:

  1. Click Generate Key

  2. Copy DNS TXT values

  3. Add the DKIM record to domain DNS before migration

Screenshot 3 – DKIM Signing Key Management

download.png

4. Add/Update SPF Record Prior to Migration

Ensure the domain DNS TXT SPF record contains:

include:spf-00aaa201.pphosted.com

This must be applied before tenant cutover.

5. Update MX Records at Cutover Time

Modify MX records at cutover to route email through Proofpoint.

Required MX Records

  • TTL: 1800

  • Priority: 10

mxa-00aaa201.gslb.pphosted.com (Priority 10) mxb-00aaa201.gslb.pphosted.com (Priority 10)