Exchange Online Protection SPF record


Hi, I have received a message sent via Exchange Online host IPv6 "2603:10a6:20b:c0::31". The message was marked as spam because of SPF fail. Subnet "2603:10a6:20b:c0::/64" is not in the list of O365 servers Microsoft provides:

I see this type of thing happening quite often, both with IPv4 and IPv6 hosts in Exchange Online , with messages sent by legit senders via Exchange Online. What would be the right procedure to deal with this? more than registering a case in O365 admin portal.. Thanks, Ruslan

8 Replies



If you think these messages are being sent by legit Exchange Online senders, then I would say it is the senders responsibility to check and modify their SPF records accordingly to ensure all legitimate entries are included.

@PeterRisingsender's SPF is OK

"v=spf1 -all"

but the IP of the exchange online transport server used was not in the list of host in , message header states " does not designate 'sample ip here' as permitted sender". BR, Ruslan


I'm facing the same issue in certain circumstances. Did you happen to find a solution for this?

@Rick no, sadly, i have not found any solution or explanation to this..

I have the same issue. Last problematic mail was sent from 2603:10a6:20b:1ec::22, that is not included in

@error404 @RNalivaika @PeterRising 

Did you happen to move your core customer data to another geolocation lately? I believe that this might be related ...

Anfordern der Datenverschiebung - Microsoft 365 Enterprise | Microsoft Docs

@Rick Looks like that is not related.

I am using as SPF, most of e-mails go with corrct ip adresses, but few are using incorrect ones.

Another one record i found is that is related only to Germany, but our tenant have nothing to do with Gernany, also those few e-mails are never sent from those IPs.

@Rick Yes, we did request geo move for the tenant in question. That might be related, but I don't think we have any way to test and confirm it. R-