Use an SPF Record to Validate E-Mail Sent from Your Domain

 

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2012-06-26

You use SPF records to ensure that destination e-mail systems trust messages sent from your domain. The SPF record is important because it ensures that all the messages from your domain appear to originate from the messaging servers that support the cloud-based service.

What is an SPF record?

An SPF (sender policy framework) record is a text (TXT) record that uses the Sender ID Framework. The Sender ID Framework is an e-mail authentication protocol that helps prevent spoofing and phishing by verifying the domain name from which e-mail messages are sent. Sender ID validates the origin of e-mail messages by verifying the IP address of the sender against the alleged owner of the sending domain.

Domain administrators publish SPF records in DNS. The SPF record identifies authorized outbound e-mail servers. Destination e-mail systems verify that messages originate from authorized outbound e-mail servers. For more information, see Sender ID.

What do I need to create an SPF record?

If you are a cloud-only organization with all mailboxes in Exchange Online, create an SPF record that identifies the Microsoft messaging servers as a legitimate source of mail for your domain. To do this, create a TXT record with the following value:

v=spf1 include:outlook.com -all

If you have a hybrid deployment and use an on-premises Exchange server to send outbound mail, or if you’re a Forefront Online Protection for Exchange (FOPE) stand-alone customer (meaning that your organization currently uses FOPE to protect your on-premises mailboxes), we recommend that you add the IP address for your on-premises server to the TXT record. Use the following syntax:

v=spf1 ip4:<server IP address> include:outlook.com -all

For example, if the IP address of your Exchange server is 192.168.0.1, the TXT record would have the following value:

v=spf1 ip4:192.168.0.1 include:outlook.com -all

If you have multiple outbound mail servers, include the IP address for each mail server in the TXT record and separate each IP address with a space. For example:

v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ip4:192.168.0.3 include:outlook.com -all

For more information, see:

 
Related help topics
Loading...
No resources were found.