Cloud SMTP Relay

Overview

Avanan's Cloud SMTP Relay provides a secure and scalable solution for organizations to send outbound emails from internal systems, applications, and services.

By using standard authentication and encryption mechanisms such as SPF, DKIM, DMARC, and TLS, the Cloud SMTP Relay ensures that emails are properly validated, protected, and delivered reliably while maintaining sender reputation and high deliverability rates.

Avanan Cloud SMTP Relay accepts SMTP connections only when they are encrypted with TLS. If your internal sender cannot use TLS (for example, a printer, scanner, or legacy application), configure an internal SMTP relay (Postfix) to forward email to Avanan Cloud SMTP Relay over a TLS-encrypted connection. See Appendix M: Configuring Postfix as an Internal SMTP Relay for Non‐TLS Senders to Avanan Cloud SMTP Relay.

Administrators can configure and monitor domain-level settings directly in the Avanan Administrator Portal.

Note:

The Cloud SMTP Relay feature is currently in EA (Early Access). To enable it, contact Avanan Support.

Benefits of Combined IP-Based and Basic SMTP Authentication for Relay Sources

  1. Supports services that do not use dedicated static IP addresses or that send emails from shared or dynamic IP ranges, where IP-based authentication alone is insufficient. In such cases, you can use Basic SMTP Authentication without IP-based restrictions. See Adding a New Relay Source.

  2. Provides stronger service-level authentication by allowing each sending service to authenticate with its own credentials instead of relying solely on the source IP address.

  3. Allows you to configure Basic SMTP authentication independently, without requiring IP-based allowlisting. You can also combine authentication with IP-based filtering for enhanced security and access control.

  4. Enhances access control by allowing customers to restrict relay usage. It adds an additional security layer by requiring both approved source IP addresses and valid Basic SMTP Authentication credentials over TLS before granting relay access.

  5. Improves service separation and accountability by supporting the use of separate credentials for different services or applications, making it easier to manage, audit, rotate, or revoke access for each service independently.