[Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Open
  • Priority: Medium
  • Security: Public
  • Views: 24
  • Last Modified:

Office 365 SPF record

Hello -

I need some help wrapping my mind around 'SPF' records for Office 365. We don't have any 'on premise' email servers, we use Office 365.
This is the record showing under domains in Office 365: 'v=spf1 include:spf.protection.outlook.com -all'.
I also have an SPF record at our DNS host('v=spf1 include:outlook.com ip4: ~all') that includes our network's external IP address. Is this still necessary if we don't have any local email servers and should I replace it with the SPF record showing in Office 365?

Thank you for your help!
Alan Dala
Alan Dala
Vasil Michev (MVP)Commented:
If you are not sending email via any on-premises appliances or 3rd party services, all you need to do is add the record as shown in the O365 portal. Make sure to delete the old one - only a single SPF record must be configured per domain, otherwise it will invalidate the lookup and cause problems.
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Be sure to user https://dmarcian.com/spf-survey to verify your SPF record is correct too.

Best to always verify your SPF syntax checker, just to make sure all's well.
Mal OsborneAlpha GeekCommented:
The SPF record needs to cover any IP address that mail claiming to be from your domain is sent from. The "standard" include:spf.protection.outlook.com covers any IP addresses used by Office 365.

If you send email from some other servers, you will need them to be covered by the SPF record as well. For instance, if you have a web site that responds to queries with an email purported to be from your domain, it will need an SPF record. ip4: is a record that may be addressing that.
Alan DalaAuthor Commented:
Hello -

The combined one that sits at our DNS registrar does not include the 'protection' part. I assume this is related to 'spoofing' of our domain. Since we have some emails sent from our public IP, can I combine them to look something like this:

v=spf1 include:spf.protection.outlook.com ip4: ~all'

Vasil Michev (MVP)Commented:
Depends on how you are sending those. If it's via Outlook or any other client-based method, you dont need to add anything. If you have on-prem servers sending messages then yes, add the IP as in the above example.

Join & Write a Comment

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now