Sender Policy Framework SHALL Be Enabled

Description

The Sender Policy Framework (SPF) is a mechanism that allows domain administrators to specify which Internet Protocol (IP) addresses are explicitly approved to send email on behalf of the domain, facilitating detection of spoofed emails. SPF is not configured through the Exchange admin center, but rather via the Domain Name Service (DNS) records hosted by the organization’s domain.

Policy

A list of approved IP addresses for sending mail SHALL be maintained
An SPF policy(s) that designates only these addresses as approved senders SHALL be published.

Licensing Considerations

Any tenant can configure this setting.

Set Up Instructions

Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn

How Sender Policy Framework (SPF) prevents spoofing - Office 365 | Microsoft Learn

Adding SPF records to a domain will vary depending on where the domain is hosted. Follow these steps for configuring an SPF record for Exchange Online.

End-User Impact

Level: Low

Without proper SPF configuration, is possible that users will have their email rejected or marked as spam when sending outbound messages.

Tips

Optimize SPF Record: How To Optimize SPF Record? v spf1 a mx (easydmarc.com)

PowerShell Scripts

None Currently

Videos

PreviousAutomatic Forwarding to External Domains SHALL Be Disabled NextDomainKeys Identified Mail SHOULD Be Enabled

Last updated 1 year ago