Enabling SPF
It is important to understand where you are now so we don’t break anything. Take a look at the flowchart below:
Scenario 1 – Only Exchange Online can send e-mails from your domain
- Create a TXT record in your domain zone
Tables can't be imported directly. Please insert an image of your table which can be found here.
- Test your SPF record at Scott Kitterman's SPF record testing tools
TXT Name: @ Value: "v=spf1 include:spf.protection.outlook.com –all"
Scenario 2 – Add Exchange Online Protection to your SPF record
- Get your SPF record
Tables can't be imported directly. Please insert an image of your table which can be found here.
- Add Exchange Online Protection to your SPF record, just before the “all” verb.
Tables can't be imported directly. Please insert an image of your table which can be found here.
- Test your SPF record at Scott Kitterman's SPF record testing tools
nslookup -querytype=txt contoso.com Server: dns.external Address: 192.168.1.1 Non-authoritative answer: contoso.com text = "v=spf1 mx -all" TXT Name: @ Value: "v=spf1 mx include:spf.protection.outlook.com -all"
Scenario 3 – Create a SPF record for your e-mail gateways and Exchange Online Protection
- Define which hosts will send e-mail and build the SPF string with the below table:
Tables can't be imported directly. Please insert an image of your table which can be found here.
For example, if you want to allow Exchange Online and the IP address 40.124.14.27 to send e-mails from the domain contoso.com you can use the following SPF record at contoso.com DNS zone:
Tables can't be imported directly. Please insert an image of your table which can be found here.
- Test your SPF record at Scott Kitterman's SPF record testing tools
rd
where <3rd party SPF record> will be provided by your service provider
where <IP v4 Address> will be replaced with the actual IPv4 address
where <IP v6 Address> will be replaced with the actual IPv6 address
where <enforcement rule> can be:
-all – Anything not in the list will fail
~all – Anything not in the list will soft fail (avoid using this)
TXT Name: @ Value: "v=spf1 ip4:40.124.14.27 include:spf.protection.outlook.com –all"