Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu
Topic Last Modified: 2012-06-26
You use SPF records to ensure that destination e-mail systems trust messages sent from your domain. The SPF record is important because it ensures that all the messages from your domain appear to originate from the messaging servers that support the cloud-based service.
An SPF (sender policy framework) record is a text (TXT) record that uses the Sender ID Framework. The Sender ID Framework is an e-mail authentication protocol that helps prevent spoofing and phishing by verifying the domain name from which e-mail messages are sent. Sender ID validates the origin of e-mail messages by verifying the IP address of the sender against the alleged owner of the sending domain.
Domain administrators publish SPF records in DNS. The SPF record identifies authorized outbound e-mail servers. Destination e-mail systems verify that messages originate from authorized outbound e-mail servers. For more information, see Sender ID.
If you are a cloud-only organization with all mailboxes in Exchange Online, create an SPF record that identifies the Microsoft messaging servers as a legitimate source of mail for your domain. To do this, create a TXT record with the following value:
If you have a hybrid deployment and use an on-premises Exchange server to send outbound mail, or if you’re a Forefront Online Protection for Exchange (FOPE) stand-alone customer (meaning that your organization currently uses FOPE to protect your on-premises mailboxes), we recommend that you add the IP address for your on-premises server to the TXT record. Use the following syntax:
For example, if the IP address of your Exchange server is 192.168.0.1, the TXT record would have the following value:
If you have multiple outbound mail servers, include the IP address for each mail server in the TXT record and separate each IP address with a space. For example:
For more information, see:
