Microsoft 365/Exchange SPF Setup

SPF (Sender Policy Framework) is an email authentication method designed to prevent unauthorized senders from using your domain. It helps safeguard your brand from spoofing and phishing attacks by validating the servers allowed to send emails on your behalf.

This guide walks you through configuring SPF for Microsoft 365 Exchange, Microsoft’s cloud-based email and productivity platform.

Microsoft 365 SPF Requirements

Note: If you’re already using Sendmarc to manage your SPF record, simply copy ‘include:spf.protection.outlook.com -all’ and follow the steps here.

To authorize Microsoft 365 to send emails on your domain’s behalf:

  1. Log in to your domain’s DNS dashboard.
  2. Go to the page where you can update the DNS settings on that domain.
  3. Check if a TXT record starting with v=spf1 already exists.
    • If it exists, modify the existing record to include Microsoft 365 (details in the table below).
    • If not, create a new TXT record.

Example of an updated SPF record:

HostTypeValue
@ or blankTXTv=spf1 include:another.net include:spf.protection.outlook.com -all

Example of a new SPF record:

HostTypeValue
@ or blankTXTv=spf1 include:spf.protection.outlook.com -all
  1. Save your changes in the DNS control panel.

Allow up to 48 hours for DNS propagation, depending on your DNS host.

How to update your SPF settings using Sendmarc

For detailed instructions on how to update your SPF record through Sendmarc, refer to the Sendmarc SPF Setup Documentation.

Microsoft 365/Exchange Documentation

Refer to Microsoft 365’s official documentation for SPF setup here.

Looking for DKIM Settings?

Find out how to configure your Microsoft 365 DKIM settings here.