From Office 365, it is necessary to have two FQDN records as example below:

• example-com-1.fortimailcloud.com
• example-com-2.fortimailcloud.com
  
  

And:

• example-com.fortimailcloud.com
  
  

With these FQDN records, it is possible to tell Fortimail Cloud how to route emails.

It is necessary to be careful which FQDN record is used for the Inbound connector and which one for the outbound connector.

Usually, the error '550 Domain domain.com is not a protected domain' is due to FortiMail receiving emails from the incorrect connector.

For example, to configure at Office365, go to Exchange Admin Center -> Mail Flow -> Connectors -> Add a connector and set 'example-com.fortimailcloud.com', but if this FQDN record is pointed as outbound and is used for inbound, the '550 domain error' will appear.

It is necessary to specify which FQDN record will be for inbound or outbound to route emails properly:

• The FQDN example-com.fortimailcloud.com has to be set in the Outbound connector on the internal mail server.
• The FQDNs example-com-1.fortimailcloud.com and example-com-2.fortimailcloud.com (with the -1 and -2) must be set as MX records in the DNS file zone for the protected domain.