
Exchange Best Practices: SPF Records

Sender Policy Framework (SPF) allows email administrators to reduce sender-address forgery (spoofing) by specifying which mail servers are allowed to send email for a domain. SPF is configured by adding a specially formatted TXT record to the DNS zone for the domain.

You can read a detailed explanation of how SPF works here.

It is recommended to implement SPF for your domains. Adding SPF records to your domain does not directly help to prevent spam from being received by your organization, but it does help other organizations to block spam email that is spoofing your domain. This in turn can help maintain the reputation of your email domain, reduce the likelihood of your organization’s legitimate emails being rejected by other email systems, and reduce NDRs or bounce-back messages from other email systems when spammers are spoofing your domain.

However, SPF cannot always simply be turned on. A misconfigured SPF record can cause legitimate emails from your domain to be rejected by other email systems, so proceed with caution and audit all of the possible legitimate senders of email for your domain (including your Exchange/Exchange Online system, plus any external hosted systems that send email using your domain, such as email marketing or payroll systems).

You can also consider adding your SPF record as a “Neutral” or “Soft Fail” during the initial implementation period, before changing it to a “Hard Fail” once you are satisfied that your SPF record is accurately configured.
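One way to run the sender audit described above before tightening the policy, as an added example that is not from the original article: it checks an SPF record against a list of known sender IPs and reports which ones the literal `ip4`/`ip6` terms do not cover. The record, addresses and sender names are constructed assumptions; `include:` and other DNS-dependent terms are listed but not resolved.

```python
import ipaddress

# Qualifier -> result, using the article's names for the terminal "all" policies.
RESULT = {"+": "Pass", "?": "Neutral", "~": "Soft Fail", "-": "Hard Fail"}

def parse_spf(record):
    """Return (literal networks, terms that need DNS lookups, policy of the 'all' term)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    networks, deferred, policy = [], [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"   # default qualifier is "+"
        body = term[1:] if term[0] in RESULT else term
        if body.lower() == "all":
            policy = RESULT[qualifier]
            break                                  # nothing after "all" is evaluated
        if body.lower().startswith(("ip4:", "ip6:")):
            networks.append((qualifier, ipaddress.ip_network(body[4:], strict=False)))
        else:
            deferred.append(term)                  # include:, a, mx, ... (not resolved here)
    return networks, deferred, policy

def audit_senders(record, senders):
    """Map each sender name to the result its IP gets from the literal ip4/ip6 terms."""
    networks, deferred, policy = parse_spf(record)
    report = {}
    for name, ip in senders.items():
        addr = ipaddress.ip_address(ip)
        hit = next((q for q, net in networks
                    if net.version == addr.version and addr in net), None)
        report[name] = RESULT[hit] if hit else f"unmatched -> {policy}"
    return report, deferred

# Constructed sample data (documentation address ranges, hypothetical sender names).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 include:spf.example.net ~all"
SAMPLE_SENDERS = {
    "exchange-outbound": "192.0.2.10",
    "marketing-platform": "198.51.100.25",
    "payroll-system": "203.0.113.7",
}

if __name__ == "__main__":
    report, deferred = audit_senders(SAMPLE_RECORD, SAMPLE_SENDERS)
    for name, result in report.items():
        print(f"{name:20} {result}")
    print("needs DNS lookup to confirm:", deferred)
```

A sender reported as unmatched may still be authorized through one of the deferred terms, so confirm those with DNS lookups before moving the record to a “Hard Fail”.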


Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.

One comment

  1. filip says:

    Hi Paul,
    Any idea why I get the error “One or more addresses has invalid syntax” on the Microsoft Sender ID Framework SPF Record Wizard, if I enter two IPs (one per line) on the “Enter any additional IP addresses (or ranges of addresses) you wish to add to your SPF record (one address or address range per line)”?
