Problems related to Sender Policy Framework (SPF)
You experience problems related to Sender Policy Framework (SPF) TXT records configured for your domain. For example, your emails are treated as spam or junk by Exchange Online Protection (EOP).
- The correct configuration of SPF records
- How to set up TTL?
- What happens if I set more than one SPF record for a domain?
- How to verify SPF records
- Spoofing alerts appear when I send internal emails in Microsoft 365 (Office 365)
- My emails land in the spam/junk folder
SPF record configuration needs to be done at your DNS hosting provider or domain registrar.
- To see an example of how to configure an SPF TXT record correctly, see Configuring SPF records in the user's manual of CodeTwo Email Signatures 365.
- For more information on the SPF syntax, see this Microsoft article.
- To learn how to create DNS records (including SPF records) for the most popular DNS hosting providers / domain registrars, see this Microsoft 365 support article.
Time to live (TTL) defines how long a caching (recursive) DNS name server keeps your SPF record before it queries the authoritative name server in your domain again. In other words, this value determines how quickly name servers pick up any changes in your SPF record. The TTL value is specified in seconds. When configuring your SPF record, you can provide any TTL value, depending on how often you plan to change this record. Remember that a shorter TTL means a heavier load on your authoritative name server.
You need to make sure that each domain has only one SPF record:
- If you have several SPF records set for your domain, you need to fix that by creating a single SPF record that includes the information from all records, and delete the other records.
- If you want to provide any additional information to your SPF record, you need to do that by changing (updating) the existing SPF record instead of creating separate records.
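The merge described above can be sketched in code. This is an added example, not CodeTwo's or Microsoft's code: the TXT strings are constructed sample data for a hypothetical domain, the function names are hypothetical, and keeping the strictest `all` qualifier when the records disagree is an assumption you should review for your own policy.

```python
import re

# Constructed sample: TXT records published for a hypothetical domain.
SAMPLE_TXT = [
    "v=spf1 include:spf.protection.outlook.com -all",
    "v=spf1 ip4:203.0.113.10 include:_spf.example.net ~all",
    "MS=ms00000000",  # unrelated TXT record, not SPF
]

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 allows 10 in total).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# Assumption of this example: when the records disagree, keep the strictest "all".
STRICTNESS = {"-": 0, "~": 1, "?": 2, "+": 3}


def spf_records(txt_records):
    """Return the TXT strings that are SPF records ("v=spf1" then a space or the end)."""
    return [t for t in txt_records if re.match(r"v=spf1( |$)", t, re.IGNORECASE)]


def qualifier(term):
    """Return the term's qualifier; a term without one defaults to "+" (pass)."""
    return term[0] if term[0] in STRICTNESS else "+"


def merge_spf(txt_records):
    """Build one SPF record from all SPF records, or None if there are none."""
    records = spf_records(txt_records)
    if not records:
        return None
    terms, all_terms = [], []
    for record in records:
        for term in record.split()[1:]:
            if term.lstrip("+-~?").lower() == "all":
                all_terms.append(term)
            elif term not in terms:  # keep each mechanism once, in first-seen order
                terms.append(term)
    if all_terms:  # exactly one "all", always last
        terms.append(min(all_terms, key=lambda t: STRICTNESS[qualifier(t)]))
    return " ".join(["v=spf1"] + terms)


def lookup_count(record):
    """Count top-level terms that trigger a DNS lookup (nested includes not followed)."""
    names = (re.split(r"[:=/]", t.lstrip("+-~?").lower())[0] for t in record.split()[1:])
    return sum(name in LOOKUP_TERMS for name in names)
```

Publish the merged string as the only SPF TXT record and delete the originals. Check `lookup_count` on the result, because combining several records can push the total past the 10-lookup limit.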
If you suspect that Sender Policy Framework is not configured correctly in your environment (for example, your emails land in spam), you can verify the syntax of your SPF record by using various external tools, for example:
If you use CodeTwo software and your default *.onmicrosoft.com Microsoft 365 domain, and you get the following warning:
This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing
when you open internal emails, see this Knowledge Base article.
If your emails are going into the spam or junk folder in your recipients' mailboxes, this might mean that your SPF records are not configured correctly. You need to configure them as per the guidelines above; it is also a good idea to verify them. See this article for additional information.