Sender Policy Framework (SPF) allows email administrators to reduce sender-address forgery (spoofing) by specifying which are allowed to send email for a domain. SPF is configured by adding a specially formatted TXT record to the DNS zone for the domain.

You can read a detailed explanation of how SPF works here.

It is recommended to implement SPF for your domains. Although adding SPF records to your domain does not directly help to prevent spam from being received by your organization, it does help other organizations to prevent spam email that is spoofing your domain. This in turn can help maintain the reputation of your email domain, and reduce the likelihood of your organization’s legitimate emails being rejected by other email systems, and can help reduce NDRs or bounce back messages from other email systems when spammers are spoofing your domain.

However, SPF is not always able to simply be turned on. A misconfigured SPF record can cause legitimate emails from your domain to be rejected by other email systems. So it is recommended to proceed with caution, taking care to audit all of the possible legitimate senders of email for your domain (including your Exchange/Exchange Online system, plus any external hosted systems that send email using your domain, such as email marketing or payroll systems).

You can also consider adding your SPF record as a “Neutral” or “Soft Fail” during the initial implementation period, before changing it to a “Hard Fail” once you are satisfied that your SPF record is accurately configured.

Further reading:

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

    1. Natalie Frith

      Thank you for bringing to our attention. We recently migrated to a different hosting solution which has caused a few site malfunctions in the process. We are working on repairing the 404 errors/broken links, however the blogs are still accessible on our site, you’ll have to search for them by name instead of using the links at the bottom of this article for the time being. We apologize for the inconvenience, and appreciate your patience while we work out some kinks.

  1. filip

    Hi Paul,
    Any idea why i get error ” One or more addresses has invalid syntax” on Microsoft Sender ID Framework SPF Record Wizard , if I enter two ip’s (one per line) on the “Enter any additional IP addresses (or ranges of addresses) you wish to add to your SPF record (one address or address range per line)” ?

Leave a Reply