Exchange online SPF


I may be missing something basic here but can someone explain if I used the recommended spf include statement (v=spf1 -all( (see here: for all exchange online deployment because its not specific to my domain rather generic to wouldn't that mean that any other exchange online customer could spoof my domain?  If they are also coming from that host being a exchange online user just like me


Does that make sense? 


1 Reply

Only if you are sending via the ExO IP ranges, the ones listed when you expand Which Microsoft will only allow you to do for your own domain(s).