External mail is denied to mail-enabled public folders

We came across a somewhat obscure error in support this week that piqued my interest. A customer had created new mail-enabled public folders and set permissions for external users to send to them, but external senders were getting a bounce message:

550 5.4.1 [<sampleMEPF>@<recipient_domain>]: Recipient address rejected: Access denied

After some searching online we discovered that changing the domain type from "authoritative" to "internal relay" was the possible solution, and after we tested, it was confirmed.

But, why?

Enter "Directory Based Edge Blocking" (DBEB), a service provided by Exchange Online that rejects messages that can't be resolved in the directory at the edge. Exchange Online does not synchronize mail-enabled public folder addresses with the directory, so when DBEB is enabled, mail sent to public folders from external users is rejected.

DBEB is turned on by default for authoritative domains in Exchange Online because when you set a domain to authoritative Exchange assumes it knows about any address you'd want to send to. Changing a domain to "internal relay" means you're telling Exchange that other addresses could exist, and to route those messages out via an Outbound Connector.