Certainly! Here’s how to configure Sender Policy Framework (SPF) for your Microsoft 365 domain to identify valid email sources:
-
MICROSOFT Online Email Routing Address (MOERA):
- If you use only the MOERA domain for email (e.g., contoso.onmicrosoft.com), no additional action is needed. The SPF TXT record is automatically configured. Microsoft owns the onmicrosoft.com domain, so they manage DNS records for it.
- For more information on .onmicrosoft.com domains, see Why You Have an “onmicrosoft.com” Domain.
-
Custom Domains:
- If you use custom domains (e.g., contoso.com), create or modify the SPF TXT record in your DNS for the custom domain.
- Here’s what to do:
- Create an SPF TXT record in your DNS for the custom domain (contoso.com) to identify Microsoft 365 as an authorized email source.
- Destination email systems will check the SPF TXT record in contoso.com to determine if a message comes from an authorized source for contoso.com email.
-
SPF TXT Record Syntax:
- The SPF TXT record must be correctly configured in DNS. Here’s an example syntax:
v=spf1 include:spf.protection.outlook.com -all - This example indicates that Microsoft 365 is an authorized email source for the domain.
- The SPF TXT record must be correctly configured in DNS. Here’s an example syntax:
-
Troubleshooting SPF TXT Records:
- Verify that the SPF TXT record is correctly set up in DNS.
- Use online SPF verification tools to ensure the record is valid.
-
Next Steps:
- After correctly configuring SPF, monitor alerts and notifications to ensure proper email authentication.
For detailed instructions and further information, refer to the article on Configure SPF to Identify Valid Email Sources for Microsoft 365.
