Knowledge Base

Problems related to Sender Policy Framework (SPF)

Problem:

You experience problems related to Sender Policy Framework (SPF) TXT records configured for your domain. For example, your emails are treated as spam or junk by Exchange Online Protection (EOP).

Solution:

The correct configuration of SPF TXT records

SPF record configuration needs to be done at your DNS hosting provider or domain registrar.

  • To see an example of how to configure an SPF TXT record correctly, see Configuring SPF records in the user's manual of CodeTwo Email Signatures for Office 365.
  • For more information on the SPF syntax, see this Microsoft article.
  • To learn how to create DNS records (including SPF records) for the most popular DNS hosting providers / domain registrars, see this Office 365 support article.

How to set up TTL?

Time to live (TTL) defines how often a caching (recursive) DNS name server should query the authoritative name server in your domain for the SPF record. In other words, this value defines how often name servers cache any changes in your SPF record. The TTL value is set up in seconds. When configuring your SPF record you can provide any value of TTL, depending on how often you plan to change this record. Remember that shorter TTL means heavier load on your authoritative name server.

What happens if I set more than one SPF record for a domain?

You need to make sure that each domain has only one SPF record:

  • If you have several SPF records set for your domain, you need to fix that by creating a single SPF record that includes the information from all records, and delete the other records.
  • If you want to provide any additional information to your SPF record, you need to do that by changing (updating) the existing SPF record instead of creating separate records.

How to verify SPF records

If you suspect that Sender Policy Framework is not configured correctly in your environment (for example, your emails land in spam), you can verify the syntax of your SPF record by using various external tools, for example:

Spoofing alerts appear when I send internal emails in Office 365

If you use CodeTwo software and your default *.onmicrosoft.com Office 365 domain, and you get the following warning:

This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing

when you open internal emails, see this Knowledge Base article.

My emails land in the spam/junk folder

If your emails are going into the spam or junk folder in your recipients' mailboxes, this might mean that your SPF records are not configured correctly. You need to configure them as per guidelines above; it is also a good idea to verify them. See this article for additional information.