• Status: Open
  • Priority: Medium
  • Security: Public
  • Views: 50
  • Last Modified:

Office 365 SPF record

Hello -

I need some help wrapping my mind around 'SPF' records for Office 365. We don't have any 'on premise' email servers, we use Office 365.
This is the record showing under domains in Office 365: 'v=spf1 include:spf.protection.outlook.com -all'.
I also have an SPF record at our DNS host('v=spf1 include:outlook.com ip4: ~all') that includes our network's external IP address. Is this still necessary if we don't have any local email servers and should I replace it with the SPF record showing in Office 365?

Thank you for your help!
Alan Dala
Alan Dala
Vasil Michev (MVP)Commented:
If you are not sending email via any on-premises appliances or 3rd party services, all you need to do is add the record as shown in the O365 portal. Make sure to delete the old one - only a single SPF record must be configured per domain, otherwise it will invalidate the lookup and cause problems.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Be sure to user https://dmarcian.com/spf-survey to verify your SPF record is correct too.

Best to always verify your SPF syntax checker, just to make sure all's well.
Mal OsborneAlpha GeekCommented:
The SPF record needs to cover any IP address that mail claiming to be from your domain is sent from. The "standard" include:spf.protection.outlook.com covers any IP addresses used by Office 365.

If you send email from some other servers, you will need them to be covered by the SPF record as well. For instance, if you have a web site that responds to queries with an email purported to be from your domain, it will need an SPF record. ip4: is a record that may be addressing that.
Alan DalaITAuthor Commented:
Hello -

The combined one that sits at our DNS registrar does not include the 'protection' part. I assume this is related to 'spoofing' of our domain. Since we have some emails sent from our public IP, can I combine them to look something like this:

v=spf1 include:spf.protection.outlook.com ip4: ~all'

Vasil Michev (MVP)Commented:
Depends on how you are sending those. If it's via Outlook or any other client-based method, you dont need to add anything. If you have on-prem servers sending messages then yes, add the IP as in the above example.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now