Office 365 SPF record

Hello -

I need some help wrapping my mind around 'SPF' records for Office 365. We don't have any 'on premise' email servers, we use Office 365.
This is the record showing under domains in Office 365: 'v=spf1 include:spf.protection.outlook.com -all'.
I also have an SPF record at our DNS host('v=spf1 include:outlook.com ip4:123.123.123.123 ~all') that includes our network's external IP address. Is this still necessary if we don't have any local email servers and should I replace it with the SPF record showing in Office 365?

Thank you for your help!
Alan DalaITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
If you are not sending email via any on-premises appliances or 3rd party services, all you need to do is add the record as shown in the O365 portal. Make sure to delete the old one - only a single SPF record must be configured per domain, otherwise it will invalidate the lookup and cause problems.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Be sure to user https://dmarcian.com/spf-survey to verify your SPF record is correct too.

Best to always verify your SPF syntax checker, just to make sure all's well.
Mal OsborneAlpha GeekCommented:
The SPF record needs to cover any IP address that mail claiming to be from your domain is sent from. The "standard" include:spf.protection.outlook.com covers any IP addresses used by Office 365.

If you send email from some other servers, you will need them to be covered by the SPF record as well. For instance, if you have a web site that responds to queries with an email purported to be from your domain, it will need an SPF record. ip4:123.123.123.123 is a record that may be addressing that.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Alan DalaITAuthor Commented:
Hello -

The combined one that sits at our DNS registrar does not include the 'protection' part. I assume this is related to 'spoofing' of our domain. Since we have some emails sent from our public IP, can I combine them to look something like this:

v=spf1 include:spf.protection.outlook.com ip4:123.123.123.123 ~all'

Thanks!
Vasil Michev (MVP)Commented:
Depends on how you are sending those. If it's via Outlook or any other client-based method, you dont need to add anything. If you have on-prem servers sending messages then yes, add the IP as in the above example.
Aaron GuilmetteTechnology Solutions ProfessionalCommented:
We don't have an SPF record entitled "outlook.com," so you are most likely not getting valid data.  You need to update the include to say "include:spf.protection.outlook.com."

Only put values in ip4: for servers or sites that are sending mail on your behalf.  Any device that is exposed as that address will be able to send mail on your domain's behalf.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.