skip to Main Content

Configure SPF record for Office 365

In the previous article, we did add a new domain to Office 365. The next step is to configure the SPF record for Office 365. At the moment, there are a couple of Exchange Server on-premises running in production, and the domain’s SPF record is configured for Exchange Server on-premises.

This article aims to merge the Office 365 SPF record with the existing SPF record. This way, nothing will happen to the production environment, and we will make the environment ready for Office 365.

SPF record information

SPF is a protocol that helps to reduce spam via email. An SPF record is set in the DNS zone of the domain name. Receiving mail servers can check for the presence of an SPF record. This check verifies that the server from which an email is being sent has permission to do so. The server that has permission to send emails on behalf of the domain name is listed in the SPF record.

Find Office 365 SPF record

Sign in to Microsoft 365 admin center. Go to Settings > Domains. Click on the domain that you want to configure the SPF record for. In this example, it’s the domain exoip.com.

Edit domain in Microsoft 365 admin center

Click on the tab DNS records, and down below, there are three records for Exchange Online:

  1. MX
  2. TXT
  3. CNAME

The one that we are interested in for now is the TXT record, which is the SPF record for Exchange Online. Click on the TXT record.

Configure SPF record for Office 365 TXT record status error

The domain already has an SPF record configured, v=spf1 mx -all. The SPF record is telling that the MX record is an approved sender for the domain. The MX record is resolving to the Exchange Servers. Email coming from the on-premises Exchange Servers is authorized, and everything else is not.

The message shows Invalid entry because we don’t have the include:spf.protection.outlook.com statement in our SPF record. We want to merge the Exchange Online SPF record into the existing exoip.com domain SPF record. That’s why we will only copy the include statement, include:spf.protection.outlook.com, to the clipboard.

Configure SPF record for Office 365 TXT record invalid entry

Add SPF record for Office 365

Sign in to the domain’s registrar and open the domain DNS settings. In our example, the domain exoip.com.

The TXT record value for SPF looks like v=spf1 mx -all.

Configure SPF record for Office 365 DNS before

Edit the existing SPF record and paste the include statement include:spf.protection.outlook.com. The effect is that it will also authorize Exchange Online servers to send emails for the exoip.com domain name.

The TXT record value for SPF looks like v=spf1 mx include:spf.protection.outlook.com -all.

Configure SPF record for Office 365 DNS after

The change can take up to 24 hours, but most of the time, this will resolve within 5-15 minutes.

Verify Office 365 SPF record

Click on Refresh to refresh the page. The TXT status changed from Error to OK. Click on the TXT record.

Configure SPF record for Office 365 TXT record status OK

It shows that the record is Correct.

Configure SPF record for Office 365 TXT record correct

We did configure the SPF record for Office 365 successfully. Exchange on-premises and Exchange Online are both authorized to send emails from the domain.

In the next article, we will configure the DKIM record for Office 365.

Conclusion

You learned how to configure the SPF record for Office 365. Sign in to the Microsoft 365 admin portal and copy the Exchange Online SPF record include statement, include:spf.protection.outlook.com.

Sign in to the domain’s registrar and paste the include statement to the existing SPF record. After that, wait for 5 to 15 minutes before verifying the SPF record in Microsoft 365 admin portal. The Exchange Online TXT record will show as OK. It means that it’s correct and you’re good to go!

Did you enjoy this article? You may also like Copy members from one AD group to another. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *