Correct SPF

Correct SPF



 Nov 26 2021
2 Comments (2 New)

I got this advise from our supplier to add this here.


Currently we notice that one of the IP ranges from M365 exchange servers is not added to the default spf rule. And looking online we are not the only ones with these issues.


Please add 2603:10a6:20b:c0::/64

Brass Contributor

It would be useful to see the headers from one of the affected messages. Redact any sensitive information beforehand.

Copper Contributor

We encountered this fun problem too. Messages forward from one of our Tenants to another just get dumped as spam.

What have we done wrong you may ask?

Well it appears that the sending M365 service is using as its address.


The specific error in the headers shows that forwarding from O365 to O365 breaks the SPF check.

Received-SPF: Fail ( domain of does not

designate as permitted sender);


So? Well the that we all include in SPF records to white list the MSFT services, currently unrolls (on to:- - ( - - ( - - ( - - ( - MSFTs own range of valid addresses for SFP does not include the they are using for our Tenant.  Oops.


Likely a typo as would fix it, but its worth checking your mileage.


Of course may be lying.... and we may not be getting everything treated as spam.