Configuring SPF records

Once you added a new Office 365 tenant to CodeTwo Admin Panel, the next recommended step is to configure your Sender Policy Framework (SPF) records.

If you have your own public domain (e.g., and this is most likely the case, you must add an SPF record for CodeTwo Email Signatures for Office 365 domain in the DNS. This must be done at your domain registrar's DNS configuration, it is not possible from within the Office 365 configuration (see Office 365 support on that).


If you own several domains, you need to configure the CodeTwo SPF record for each domain separately.


Your emails will be forwarded through the CodeTwo Email Azure Service and email headers will contain history of such forwarding. This may be considered suspicious by advanced spam filtering mechanisms installed on the email recipients' mail servers. To avoid these obvious false positives, you should take advantage of the SPF records in your DNS. By adding the CodeTwo Email Azure Service address to your SPF records you declare that you authorized the address of our service to process your mail traffic. Recipients' spam filters check addresses of the mail servers (which processed emails that these particular recipients receive) against SPF records in public DNS servers. If the address of the CodeTwo Email Azure Service is found within these records, all emails processed by CodeTwo Email Signatures for Office 365 will be considered safe (not spam). Otherwise, any outcome is possible.

Again, if you have your own domain, you probably already added an SPF record for Office 365 domain at your domain registrar's DNS following this article, this general instruction or one of the customized instructions here. So, your SPF records that include Office 365 domain look most likely as below:

v=spf1 -all

Now you need to expand this entry to include the CodeTwo Azure Service domain SPF address: Edit your records to add the aforementioned entry so it looks as shown below. We recommend that you add our SPF entry as the last one (directly before -all).

v=spf1 -all


Be aware that this is just an example based on the default SPF records configuration after applying changes suggested by Microsoft. Your SPF records may look different, for example more domains may already be included.

Please pay special attention to the sign which is right before the all phrase. It must be a hyphen (so the last entry is -all, as shown in the examples above) if you want all messages that do not fulfill your SPF definitions to be rejected/bounced.

See next

Configuring Exchange Online connectors - learn how to automatically or manually configure Exchange Online connectors for the program: specify users in your Office 365 whose emails will be processed by the CodeTwo Email Azure Service

Was this information useful?