FAQs
Answers to your Frequently Asked Questions on Tenant Migration
G2 Badges from DuoCircle LLC (the parent company of Tenant Migration)
How can we help you today?
Your mail exchanger (MX) record is the directory that tells the cyberworld how to route emails sent to your domain. If it is misconfigured or absent, you will not receive emails.
Businesses have more choices for email providers than ever before, and services are available 24/7 in the cloud. So why would you need a backup MX record?
Simple: Neither Microsoft nor Google allow for the same domain name to be bound to their service at the same time.
If you need to switch from one mail tenant to another, your domain name will have to be deleted or released from their service, which can take anywhere from 4 to 40 hours. If there are any issues in the transfer process, you could lose days or weeks-worth of email – and never even know it!
Tenant Migration becomes your default MX record, agnostic of all email servers, so your precious email can carry on uninterrupted. We capture your messages and safely deliver them to your new tenant destination.
As you transition from one tenant to another, our MX record acts as a bridge to prevent email service delivery failures while the new tenant is being provisioned and linked to your domain name. Our service seamlessly captures all messages during this interim period, then safely delivers them to your new tenant destination when ready.
A migration between Office 365 tenants can be just as complex as migrating to a new service, and Microsoft doesn’t provide any built-in protection from email loss. The most common workaround – a method that relies on internet servers queuing the mail and attempting redelivery during and after the tenant migration process – will only queue emails for 24 hours, with no guarantee of success. Without a backup MX record, you only have one day to provision the new tenant and resolve any issues before you start losing emails.
That’s why you need our Office 365 to Office 365 or Gmail (G Suite to G Suite) service, even when you stay with the same provider. Our MX Backup and Email Forwarding options ensure no emails are lost during the delicate tenant migration process. Don’t leave it to chance!
MX Backup and Email Forwarding might sound quite similar, but there are important differences to consider. When you use the MX Backup service, all messages are queued together during the migration, so there’s no need to define users. With Email Forwarding, messages are forwarded directly to corresponding accounts on the new domain. The forwarding option eliminates downtime, but it also necessitates one-to-one mapping for each email account.
Yes, our migration services and tools are GDPR and SOC 2 Type 1 compliant. We use secure AWS data centers and immediately delete all account logs and information upon account closure.
Once your MX records have been updated with your DNS provider your smtp service be activated. If your mail server goes down for any reason or if the sending mail server is unable to communicate with your mail server it will automatically fail over to our service.
There is nothing you need to do to initiate a failover, it is automatic
Default Mail Queue Retention Policy
With DuoCircle email services your email is kept in the mail queue for 30 days, during that time we are attempting to deliver your email to the MX record that is configured for your domain. When mail exceeds 30 days in the queue it is set with a Non Delivery Notification and cannot be recovered.
Expanded Mail Queue Retention Policy
If you require your mail retention to exceed 30 days we have an optional 45-day retention option. Please contact support for more information.
How long to you keep spam in the queue?
This is no software to install on your server, we are 100% cloud based enterprise email service.
Activating our service typically takes less than five minutes, and once your DNS record has been updated our hosted email service starts working automatically.
Our servers will attempt to redeliver each message on a specific interval over the time that your server is down.
We will attempt a retry at 1,15,30,60,120,180 minutes after a message has been received and then 180 minutes every retry after that.
By default, we do it 249 times for a total queue time of 30 days, 18 hours, 16 minutes. If your mail server comes back online and you are ready to accept all your email you can queue your messages via our Admin interface or you can contact customer care 24×7 and we can release your messages in a batch.
There is no limitation on the number of messages received or disk space utilized for backup MX. The only limitation is a 50MB per message attachment size limit which is inline with Gmail and Office 365 attachment limits.
We utilize Amazon Web Services and use multiple zones across data centers in Oregon and in Frankfurt Germany. Oregon is one of the safest geographic regions in the United States and Germany has some of the strictest privacy laws in the world.
All communication to our application is secured via Secure Socket Layer (SSL) communication with your web browser. Our servers support TLS for server-to-server encryption of email traffic.
Yes, we filter all email that comes to our system including email that is destined for the Backup MX servers.
We do this because spammers are notorious in their desire to thwart your email filtering services that contain anti-virus and spam protection. One of the ways that they do this is to deliver email to the BackupMX server and then hope that this spam will be delivered to your primary server. They feel that the BackupMX server has less stringent spam controls and therefore it will bypass the filters – however we have plugged this type of exploit and our enterprise email service filters all messages for viruses, spam and has built in phishing protection.
All email is virus and spam filtered so that malicious content cannot be sent to your server by a spammer trying to use your backup MX record. Our enterprise email security uses commercial Anti-Spam and commercial Anti-Virus software with advanced anti phishing solutions to detect zero-hour and other malicious content to give you total protection from phishing and spam.
Typically for the MX Backup service you do NOT need to define a destination mail server or hosted smtp – and when setting up your new MX email backup service it should be left blank.
We will default to the lowest priority MX record that you have published for the domain.
However there are times when you may want your mail delivered directly to your destination mail server smtp service and to ignore the published MX records. In these cases you would specify a destination server.
Some example cases of configuring the enterprise email services, would include:
- Not wanting or being able to change your MX record during an outage or maintenance
- Wanting to keep your destination server private and not expose your MX records publicly
- You would like to use an alternate port number for backup MX emails.
You can then update your Backup MX service to include a destination server and port number
NOTE: If you define a destination server for MX Backup this will take priority over your primary MX record for delivery.
Our enterprise email security leverages Amazon Web Services in Oregon and Frankfurt Germany. We have also built out fault tolerance in all layers of our infrastructure to ensure that your mail is safe.
You may have seen an message in your server logs that stated “Recipient address rejected: greylisted by CYREN IP reputation” this is part of our multi layered approach to fighting spam with our email filtering services, uses a technique called Greylisting where we “temporarily reject” any email to a subscriber from a sender that our enterprise email security system has not seen before.
If the email is legitimate their server will retry in just a few minutes and this time it will be accepted. And from then on out, any message to you from them will come in at full speed. It’s just the first time that you’ll notice a delay.
The major ISP’s have been whitelisted in our Greylisting databases, but their mail is still subject to spam and virus filtering that also gives you total protection from phishing.
The Pro’s of Greylisting
Spammers rely on sheer volume for their business model to work, they don’t hold or queue messages on their servers hoping that they will be accepted in just a few minutes. They fire and forget. Their software is built to send as many messages in the shortest amount of time possible and they don’t play by the tules.
The rules in this case is that most mail servers after getting a temporary failure will retry their message again in 15 minutes from the first time that they sent it. Our mail servers see this second attempt as a signal that the mail is legitimate and then we create an association in your account for this particular sending – sending messages to your account. Every subsequent message will come through at full speed, but it’s the first time that you may see a delay.
The Con’s
The biggest disadvantage of greylisting is that for unrecognized servers, it destroys the near-instantaneous nature of email that users have come to expect. Mail from unrecognized servers is typically delayed by about 15 minutes, and could be delayed up to a few days. A customer of a greylisting ISP can not always rely on getting every email in a pre-determined amount of time. The biggest impact that we see is for password reset emails, shopping cart and subscription confirmations. Just realize that these can take a few minutes more than they used to.
We will be implementing a process where you will be able to whitelist email domains so that they are not subject to the filtering.
PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. You can learn more and download at https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
This is a PsExec script to modify connection filter to add the trusted IP addresses. This is required if you are going to use our service infront of Office365 or if you are doing a tenant migration. Without this tool the only other way to add IP’s to Office365 is to copy/paste each one, which can be time consuming.
The content in quotes will be specific and custom to your tenant’s naming convention:
Inbound IP’s (Required for Inbound Spam and Phishing Protection)
Set-HostedConnectionFilterPolicy “Inbound Connection Filter Policy” -IPAllowList 54.191.214.3,54.149.210.130,54.191.214.36,54.191.151.194,54.148.219.64,54.149.206.185,54.186.27.61,54.191.158.99,54.186.172.23,54.149.36.10,54.149.155.156,54.69.130.42,54.213.22.21,54.200.247.200,54.186.218.12,54.200.129.228,54.149.205.143,54.148.222.11,54.148.30.215,54.69.62.154,54.68.193.51,54.186.60.165,54.149.154.28,54.148.229.97,54.186.22.84,54.149.26.35,52.28.30.98,52.29.118.68,52.29.142.239,52.29.144.204,52.29.147.143,52.29.152.107,52.29.162.96,52.58.5.29,52.58.7.81,52.58.7.120,104.232.45.0/24
Please ensure that all of the IP’s are added.
Outbound IP’s (Unless you are smarthosting via our outbound system to your Tenant do not add these)
Set-HostedConnectionFilterPolicy “Outbound Connection Filter Policy” -IPAllowList 54.68.34.165,54.68.138.64,54.186.57.195,54.149.88.251,54.149.240.58,54.186.10.118,54.149.35.133,54.149.250.69,54.148.153.48,54.148.218.146,54.149.232.81,54.149.244.166,54.149.34.179,54.186.57.195,54.187.213.119,54.187.218.212,54.187.63.214,54.187.71.48,52.10.99.51,52.10.130.167,52.26.49.97,54.69.62.154,54.148.38.162,54.148.113.140,54.148.165.188,54.148.219.64,54.149.26.35,54.149.155.156,54.149.210.130,54.186.218.12,54.200.129.228,54.200.247.200,54.213.22.21,35.157.29.171,52.28.251.132,52.58.109.202,52.28.147.211,52.58.97.209,52.58.19.153,52.28.246.64,52.28.59.28,52.28.6.212,52.58.96.151,52.29.156.81,52.29.21.168,104.232.45.0/24
1 million+ Inboxes Successfully Migrated
Join thousands of satisfied clients using our tenant migration MX records globally.
G2 Badges from DuoCircle LLC (the parent company of Tenant Migration)