App Management: Email setup

Updated last month

Simpplr emails

As the app manager, in your user profile menu, navigate to Application settings > Application, and from the Setup tab, click Email.

Email sender address

First, enable Simpplr emails. Then optionally, enable personalized content emails.

AWS email new.jpg

Domain setup

In the Sender domain modal, click Add domain to add your org's domain for emails. Input the domain, and optionally choose to enter a custom sender address if you'd like emails to appear from a different address (e.g., thehubintranet.com).
AWS new email 2.jpg

Once your domain is added, you'll be given a copy of DNS records you'll need to implement in your org's DNS settings. Work with your IT admin team to get these implemented.
AWS email 3.jpg

Updated dedicated IP addresses list

To avoid emails from Simpplr being blocked in inboxes, have your IT team whitelist the following IP addresses in your email domain. Given are the dedicated IP addresses to Simpplr:

For US	For EU	For AU	For CA
54.240.116.11	54.240.106.63	24.110.73.69	54.240.81.96
54.240.116.27	54.240.106.64	24.110.73.70	54.240.81.97
76.223.147.27	76.223.150.161		54.240.81.138
76.223.147.28	76.223.150.162		54.240.81.139
76.223.147.29	76.223.150.163		54.240.81.140
76.223.147.31	76.223.150.164
76.223.147.32	76.223.150.165
76.223.147.33	76.223.150.166
76.223.147.34	76.223.150.167
76.223.147.35	76.223.150.168
76.223.147.36	76.223.150.169
76.223.147.37	76.223.150.170
76.223.147.38	76.223.150.171
76.223.147.39	76.223.150.172
76.223.147.40	76.223.150.173
76.223.147.41	76.223.150.174
76.223.147.42	76.223.150.175
76.223.147.43	76.223.150.176
76.223.147.44	76.223.150.177
76.223.147.45	76.223.150.178
76.223.147.46
76.223.147.47
76.223.147.48
76.223.147.49
76.223.147.50

Customize your sender address

You can add a custom sender address to help boost number of opens in your emails. Users are msre likely to trust familiar email addresses when opening emails.
AWS email 6.jpg

OAuth for Email Relay (Microsoft)

Simpplr now supports OAuth 2.0 authentication for Microsoft Exchange Online (smtp.office365.com) in Email Relay. App managers can select OAuth as the authentication type and provide the required credentials. The configuration form dynamically shows only the fields relevant to the selected authentication method. The Send Test Email button remains available, and existing authentication methods (Auth Plain and Auth Login) continue to work unchanged.

Important: Microsoft is deprecating Basic Authentication for Exchange Online. Switching to OAuth ensures compliance with Microsoft's roadmap and improves security.

What's included

OAuth 2.0 support. Authentication for Microsoft Exchange Online via smtp.office365.com.

Dynamic form. OAuth-specific fields appear only when OAuth is selected as the authentication type.

Send Test Email validation. Built-in validation to test credentials and connection before saving.

No change to Basic Auth. Auth Plain and Auth Login configurations are not affected.

Before you begin

Coordinate with your Microsoft Entra ID or Azure AD administrator to obtain the following credentials before starting configuration:

Credential	What it is
Client ID	The application (client) ID of the registered app in Microsoft Entra ID.
Client Secret	The client secret generated for the registered app.
Tenant ID	Your Microsoft tenant (organization) identifier.
Username	The SMTP mailbox email address the system will send from.

Configure OAuth for Email Relay

Go to Manage application → Email settings → Configure email relay properties.
On the SMTP configuration card, select Setup (for a new configuration) or Edit (to update an existing one).
Set the authentication type to OAuth. The OAuth fields appear dynamically.
Enter the following settings:

Field	Value
Client ID	Your registered app's Client ID from Microsoft Entra ID.
Client Secret	Your registered app's Client Secret.
Tenant ID	Your Microsoft tenant identifier.
Username	The mailbox email address to send from.
Host	smtp.office365.com
Port	587
TLS	Required Verify

Note: An informational message in the UI confirms that OAuth authentication is supported for Microsoft providers.

Click Send Test Email. The system uses your credentials to acquire an OAuth access token (using the client_credentials grant type), performs a connection test, and dispatches a test email. If the test fails, correct the inputs and test again.
Once the test succeeds, Save becomes available. Click Save to complete the configuration.

Important: Save is blocked until a successful test is completed. You cannot save the configuration without first passing the Send Test Email validation.

How send test email works

The send test email button validates the full configuration before anything is saved. When you click it, the system:

Validates the required fields for the selected authentication type.
Generates an OAuth access token for Microsoft Exchange Online using the client_credentials grant type.
Stores the credentials and token securely.
Dispatches a test email through the configured SMTP settings.

Note: Always run Send Test Email immediately after changing any OAuth field. The Test connection button becomes active as soon as an OAuth field is changed.

Supported authentication methods

The following authentication methods are available in Email Relay:

Method	Status
OAuth 2.0	New. Supported for Microsoft Exchange Online (smtp.office365.com).
Auth Plain	Unchanged. Continues to work as before.
Auth Login	Unchanged. Continues to work as before.

Behavior

Send As restrictions. You can only send from mailboxes within your Microsoft tenant or from mailboxes that have been explicitly granted Send As or On Behalf Of permissions. Using a From address outside your tenant domains is blocked by Microsoft and will result in a 554 5.2.252 SendAsDenied error.

OAuth fields are required. OAuth-specific fields (Client ID, Client Secret, Tenant ID, and Username) appear only when OAuth is selected and must all be completed.

Port and TLS. Port 587 with TLS Required Verify is the recommended setting for Exchange Online.

Migrating from Basic Auth. If you previously used Basic Authentication to send from an external domain or a shared mailbox without proper permissions, you must update your Microsoft permissions and From address policies to comply with OAuth restrictions before switching.

Configure email relay properties

Here you can set up custom SMTP relay configurations to ensure emails are delivered through your own servers. This helps prevent emails from being marked as spam by your system.

To get started:

Click Configure. This brings up the setup modal.
Input the applicable details into each field. This may require the help of your IT admin.
1. For Host, enter a mail domain, hostname or IP address. If you provide a name, Simpplr checks for valid Domain Name Service (DNS) mail exchange (MX) records first. If none are found, Simpplr looks for a DNS Address (A) record. If you plan to use Transport Layer Security (TLS) with this connection, enter the hostname instead of the IP address. TLS requires the hostname for verifying certificates.
  Here are examples of valid formats.
  - Mail domain: myemaildomain.com
  - Mail server hostname: mail.myemaildomain.com
  - IP address: 100.121.20.5
2. For Port, enter the number of your company’s SMTP server. Obtain this information from your email administrator. Email relaying is supported on any port numbers between 0 - 65535.
3. Select a TLS Setting. This setting controls whether Simpplr uses TLS for SMTP sessions.
  - Off — TLS is turned off. SMTP session continues through an insecure connection.
  - Preferred — If the remote server supports TLS, Simpplr upgrades the current SMTP session to use TLS. If TLS is unavailable, Simpplr continues the session without TLS. This setting is the default.
  - Required — Simpplr continues the session only if the remote server supports TLS. If TLS is unavailable, Simpplr terminates the session without delivering the email.
  - Preferred Verify — If the remote server supports TLS, Simpplr upgrades the current SMTP session to use TLS. Before the session begins, Simpplr verifies that a valid certificate authority has signed the certificate and that the common name presented in the certificate matches the domain or mail exchange of the current connection. If TLS is available but the certificate isn’t signed or the common name doesn’t match, Simpplr disconnects the session and doesn’t deliver the email. If TLS is unavailable, Simpplr continues the session without TLS.
  - Required Verify — Simpplr continues the session only if the remote server supports TLS, a valid certificate authority has signed the certificate, and the common name presented in the certificate matches the domain or mail exchange to which Simpplr is connected. If any of these criteria aren’t met, Simpplrterminates the session without delivering the email.
  If you use TLS verification, an MX or an A record for your hostname is required in Public DNS. Canonical Name (CNAME) DNS records can’t be used for relays with TLS verification.
4. Optionally, to enable authentication with a username and password for this email relay.
  1. Select Enable SMTP Auth. When you enable this setting, the TLS Setting changes to the required value, Required Verify.
  2. In the Auth Type field, select a Simple Authentication and Security Layer (SASL) mechanism to use for SMTP authentication.
    - To use the PLAIN SASL mechanism, select Auth Plain. This is the default Auth Type when you enable SMTP Auth.
    - To use the LOGIN SASL mechanism, select Auth Login.
    Simpplr supports only the PLAIN and LOGIN SASL mechanisms.
  3. For Username, enter the username for SMTP authentication.
  4. For Password, enter the password for SMTP authentication.
  5. In the Confirm Password field, reenter the password for SMTP authentication.
  Before you enable SMTP authentication, test this feature in a sandbox to ensure that it works as expected with your email relay. Some email services don’t support SMTP authentication for email relays.
  If you deselect Enable SMTP Auth, Simpplr saves your authentication credentials but doesn’t route email to your company’s email server using SMTP authentication.
5. Save your changes.
6. Set up an email domain filter. You must set up an email domain filter for email relay to work.
Simpplr recommends that you send a test message each time you change the email relay configuration.
When finished, click Submit.

Test deliverability

With Test deliverability, you can test email deliverability to any specified email address. In Application settings > Application > Email, click Test deliverability and input the address you'd like to test with.
AWS email 5.jpg

Compliance BCC email

Finally, you can optionally set up a compliance BCC email to automatically copy each outgoing email to a compliance email address. Certain types of system emails, such as password reset and important completion emails, are excluded.
AWS email 7.jpg

Other emails sent

Note that some emails are sent regardless of whether the App manager has disabled emails entirely.

If Enable Simpplr emails is turned off in Application settings > Application > Setup > Email, the following emails will still be sent to applicable users:

User password reset
User recover MFA
Reset password OTP request
Welcome email
Welcome SSO email
Mobile app download
Help & feedback email
Integration token expiration
License exhausted
Bulk license expiration email
User account suspension
User sync/provisioning status
SFTP credentials email
SFTP private key email
SFTP user sync/provision status
Audience CSV job status
Bulk upload of topics email confirmation
Historical data ingestion
Bulk user onboarding sync
Redemption code

Mobile promotion emails are also sent regardless of user settings, due to the fact that they're manually sent by users.

Was this article helpful?

Subscribe to receive updates on this article