none
Exchange and SPF record

    Question

  • Hi all,

    we are in the plans of implementing SPF record for our domains. Currently we have 10 accepted domains in our Exchange (domainA-domainJ).

    Our mail route for Incoming is the following:

    Internet-Spamfilter(3rd part provider)-ExchangeOnPrem-ExchangeOnline

    Outgoing
    ExchangeOnline-Internet

    We have internal system that is also sending mail using relay of On-Prem Exchange

    ExchangeonPrem-ExchangeOnline-Internet

    We have also external system (outside corporate network)that is sending out mail using 3rd party system. It is sending using our xx@domain.com as FROM address.

    As far as I understand, our SPF record should look like this:

    v=spf1 mx a ip4:222.222.211.211 a:server1.domain.com include:server2.domain.com include:spf.protection.outlook.com -all

    Where 222.222.211.211 is external IP of our OnPrem Exchange server and server1/2.domain.com is external systems relaying.

    Is it correct to use this record for all our accepted domains?

    Thanks!

    p.s.

    Been trying to post this in Exchange Online forum, but no response yet since last week. So I'm trying here since reply is usually faster :)


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Monday, April 4, 2016 6:33 PM

Answers

  • Hi all,

    we are in the plans of implementing SPF record for our domains. Currently we have 10 accepted domains in our Exchange (domainA-domainJ).

    Our mail route for Incoming is the following:

    Internet-Spamfilter(3rd part provider)-ExchangeOnPrem-ExchangeOnline

    Outgoing
    ExchangeOnline-Internet

    We have internal system that is also sending mail using relay of On-Prem Exchange

    ExchangeonPrem-ExchangeOnline-Internet

    We have also external system (outside corporate network)that is sending out mail using 3rd party system. It is sending using our xx@domain.com as FROM address.

    As far as I understand, our SPF record should look like this:

    v=spf1 mx a ip4:222.222.211.211 a:server1.domain.com include:server2.domain.com include:spf.protection.outlook.com -all

    Where 222.222.211.211 is external IP of our OnPrem Exchange server and server1/2.domain.com is external systems relaying.

    Is it correct to use this record for all our accepted domains?

    Thanks!

    p.s.

    Been trying to post this in Exchange Online forum, but no response yet since last week. So I'm trying here since reply is usually faster :)


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    You need that record in DNS for any domain that users send as. Not necessarily all accepted domains. 

    YOu can have one SPF in external DNS for one domain and have the others redirect to that one so you only need to update that  one record.

    "v=spf1 redirect=example.com"


    Blog:    Twitter:   

    Monday, April 4, 2016 7:05 PM
  • Thanks Andy and sorry for late reply. Been busy with other projects lately.

    It was solved by using include:

    Ex:

    v=spf1 mx a ip4:111.111.111.111 include:spf.domain.com include:spf.protection.outlook.com include:spf.domain2.com include:spf.domain3.com ~all

    All records are provided from domain owner, so it might varies from provider to provider.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    • Marked as answer by Off2work Thursday, April 14, 2016 10:06 AM
    Thursday, April 14, 2016 10:06 AM

All replies

  • Hi all,

    we are in the plans of implementing SPF record for our domains. Currently we have 10 accepted domains in our Exchange (domainA-domainJ).

    Our mail route for Incoming is the following:

    Internet-Spamfilter(3rd part provider)-ExchangeOnPrem-ExchangeOnline

    Outgoing
    ExchangeOnline-Internet

    We have internal system that is also sending mail using relay of On-Prem Exchange

    ExchangeonPrem-ExchangeOnline-Internet

    We have also external system (outside corporate network)that is sending out mail using 3rd party system. It is sending using our xx@domain.com as FROM address.

    As far as I understand, our SPF record should look like this:

    v=spf1 mx a ip4:222.222.211.211 a:server1.domain.com include:server2.domain.com include:spf.protection.outlook.com -all

    Where 222.222.211.211 is external IP of our OnPrem Exchange server and server1/2.domain.com is external systems relaying.

    Is it correct to use this record for all our accepted domains?

    Thanks!

    p.s.

    Been trying to post this in Exchange Online forum, but no response yet since last week. So I'm trying here since reply is usually faster :)


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    You need that record in DNS for any domain that users send as. Not necessarily all accepted domains. 

    YOu can have one SPF in external DNS for one domain and have the others redirect to that one so you only need to update that  one record.

    "v=spf1 redirect=example.com"


    Blog:    Twitter:   

    Monday, April 4, 2016 7:05 PM
  • Thanks Andy and sorry for late reply. Been busy with other projects lately.

    It was solved by using include:

    Ex:

    v=spf1 mx a ip4:111.111.111.111 include:spf.domain.com include:spf.protection.outlook.com include:spf.domain2.com include:spf.domain3.com ~all

    All records are provided from domain owner, so it might varies from provider to provider.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    • Marked as answer by Off2work Thursday, April 14, 2016 10:06 AM
    Thursday, April 14, 2016 10:06 AM