In the current article, we will review the subject of managing SPF record in an Office 365 based environment.The tasks that we will examine are:
- How to get the value of the SPF record that represents the Office 365 mail servers.
- How to create the new SPF record in the DNS server.
- How to verify that the SPF record was successfully published.
What is the purpose of SPF record?
The primary purpose of SPF record is, to include information on the mail servers who consider as “authorized mail servers” that can send E-mail for a specific domain name.
Generally speaking, in an Office 365 environment, there is no “mandatory need” for creating and publishing SPF record. Although it is not a mandatory requirement, we should be aware of that fact that in modern mail environment, there is the great importance of publishing SPF records that relate to each of organization-public domain names.
In this article, we will not provide a detailed review of the subject of SPF record, the syntax of SPF record and the different configuration options of SPF record. Instead, we will satisfy with a simple description.
The Implementation of SPF record
SPF record implemented as Text (TXT) DNS record. TXT record, serve as a “logical container” for the text string.
When configuring SPF record, the TXT record will include information about to the authorized mail server that represented a particular domain name.
An organization mail infrastructure could be considered as a very complicated mail infrastructure, which includes dozens of hosts (mail server) that send E-mail on behalf of a specific domain name or a very simple infrastructure in which organization represented by a single mail server.
In other words, the information that appears on the SPF record could be considered as complex and point to a significant number of mail servers or can be very “thin” and point to a particular IP address.
The Office 365 SPF record
In Office 365 based environment, there are hundreds or even thousands of mail servers. To be able to deal with such a scenario in which we need to relate or describe a significant number of mail servers, the SPF standard uses a unique parameter described as “include.”
The SPF “include” parameter, serve as a “pointer” to additional TXT record that includes a detailed list of the Office 365 mail servers.
The host name of the TXT record that serves as a “container” for the information about the Office 365 mail servers is – spf.protection.outlook.com
Our particular SPF scenario
As mentioned, in reality, the organization mail infrastructure, can be based on Office 365 mail infrastructure and also, other mail servers.
In the current article, we will not relate to such a scenario. Instead, we will refer to a very specific situation, in which an organization (o365pilot.com in our example) uses Office 365 as a “main mail infrastructure” and doesn’t use other external mail servers.
In this case, the SPF record that we are going to create will relate only to the Office 365 mail servers.
Note – in case that you want to read information about additional SPF configuration scenarios, you can read the following articles:
How to get the value of the Office 365 SPF record
Let’s make is simple, the value of the Office 365 SPF record that is relevant to all the Office 365 tenants is-
Versus other Offices 365 DNS record such as the MX record, that is created uniquely for a particular registered domain, the basic SPF record is identical to all the Office 365 different organization and the different registered domain.
And again, it’s important to emphasize that in this article, we relate to a very specific scenario in which the organization uses Office 365 as his mail infrastructure without using any additional external servers.
In case that you would like to see the value of the SPF record for your particular domain that registered with Office 365, use the following steps:
- Login to Office 365 management portal
- On the left menu bar, click on the Setting icon
- Select the submenu Domains
Select the domain name which you want to view his DNS settings
- In our example, we select the registered domain name – o365pilot.com
- The domain settings appear.
- Under the Exchange Online section, we can see information about the DNS records that are related to the Exchange Online services.
In our example, we are interested in the value of the SPF record. The information about the SPF record value appears beneath the “MX record.”
In the following screenshot, we can see the value of the SPF.
SPF record implemented by using Text (TXT) record.
A TXT record includes two separated parts:
- Hostname – in our scenario, the host name will be represented by the sign – @
- The value of the TXT record – the information about the approved Office 365 mail server is configured by using the following text – v=spf1 include:spf.protection.outlook.com -all
Creating an SPF record using GoDaddy DNS management interface
In the next section, we will review the required steps that need for creating a “new SPF record.”
In our specific example, we will create the new SPF record using the Godaddy admin interface.
In case that you use another DNS provider, the interface is probably slightly different, but the basic concepts are identical.
- Login into GoDaddy account
- Select the DOMAINS section and click – manage.
- Select the required domain name that you want to edit.
- Click on the Manage DNS button
In our example, we want to add the SPF record to a domain called – o365pilot.com
A window that includes a list of all the existing DNS records appear.
- At the bottom of the windows, click on the ADD menu
In this step, we are going to create a new text record (TXT) that will serve as SPF record that includes information about Office 365 authorized mail servers.
In the Type* option box, select – TXT
In the following screenshot, we can see that the TXT includes parameters:
- Hostname – each TXT record is represented by a particular name. In our scenario, we use the “@” characters as the host name. The “@” characters represent a generic host name.
- The value (the content) of the SPF record – the required information that we need to add to the SPF record that represents Office 365 mail servers is –
v=spf1 include:spf.protection.outlook.com -all
In the following screenshot, we can see that the new SPF record was successfully created and saved.
Verifying that the new SPF record is published and includes the required syntax.
In this phase, we want to check if the information about the new SPF record that we have created in the previous step for the domain name – o365pilot.com successfully published and that the information is available for the various mail server that will need to verify our SPF record.
The additional thong that we would like to verify is that the information that appears in the SPF recorded seems proper and doesn’t include any strange characters or other errors.
To be able to check this information, we can use a couple of tools, and web base tool.
Using the NSLOOKUP command line tool for checking information about SPF record
In this section, we will use the NSLOOKUP command line tool for getting information about all the existing TXT records of a specific domain name (in our example, o365pilot.com)
- Open the command prompt (start => Run => CMD).
- Type the command – NSLOOKUP and hit the Enter key.
- Enter the following command – set type=txt
- Type the domain name – o365pilot.com
In the following screenshot, we can see the result. The domain o365pilot.com includes only one TXT record. This is the SPF record that we have created in the above step.
The syntax of the SPF record appears as proper syntax.
Verify SPF record using the MXTOOLBOX website
In this step, we will use a well know website named MXTOOLBOX
- Access the MXTOOLBOX website (http://mxtoolbox.com)
- On the top menu bar, select the More menu
- Look for the “SPF box.”
- Type the required domain name and click on the orange arrow
In the following screenshot, we can see the result. The SPF verification test completed successfully. The information about the o365pilot.com SPF record appears as “green.”
Verify SPF record using the dmarcian website
An additional interesting website that we can use for verifying information about and SPF record is the dmarcian website (https://dmarcian.com/spf-survey).
- Enter your domain name and hit the Survey The Domain
In the following screenshot, we can see the information about the SPF record.
The additional interesting thing that the dmarcian web-based tool can “do” is the “extract process” which memetic the procedure that is implemented by the mail server when the SPF record syntax uses the “include” option.
The SPF record that represents Office 365 uses the “include'” feature that “point” to
the hostname – spf.protection.outlook.com
At the bottom of the result screen, we can see that the dmarcian web-based tool managed to “extract” the content that is “contained” in the spf.protection.outlook.com record.
It is important for us to know your opinion on this article