SPF Setup for Microsoft 365 and Exchange Online

December 6, 2025 • InboxGreenEmail Team

🚨 DKIM issues can silently kill replies.

If opens dropped, replies disappeared, or bounces increased, treat it as an incident. Run the scan and get a fix path.

No signup required. Works on any domain.

search Run a Free Domain Check notifications_active Monitor my domain

SPF Setup for Microsoft 365 and Exchange Online

When you're managing email for your business, getting your messages into the inbox is critical. You need to ensure that your emails are authenticated properly to avoid being marked as spam. One of the key components of email authentication is Sender Policy Framework, or SPF. If you're using Microsoft 365 or Exchange Online, setting up SPF can be straightforward, but there are some nuances to watch out for.

Understanding SPF

SPF is a DNS record that tells receiving mail servers which IP addresses are allowed to send emails on behalf of your domain. This helps prevent spoofing and phishing attacks. If your SPF record is misconfigured, your emails might end up in the spam folder or get rejected entirely.

Why It Matters

For SaaS founders and marketers, the implications are clear. Poor inbox placement affects your open rates, engagement, and ultimately, your bottom line. You want to avoid any hiccups that could lead to your emails being filtered out. So, let’s dive into how to set up SPF for Microsoft 365 and Exchange Online.

Step-by-Step SPF Setup

Step 1: Access Your DNS Settings

The first step is to access your domain's DNS settings. This is usually done through your domain registrar or hosting provider. Look for a section labeled DNS management or similar.

Step 2: Identify Existing SPF Records

Before adding a new SPF record, check if you already have one. You can use the InboxGreen checker to quickly see your current SPF record. Remember, you can only have one SPF record per domain. If you find an existing record, you will need to modify it rather than create a new one.

Step 3: Create or Update Your SPF Record

If you are starting fresh, your SPF record for Microsoft 365 should look something like this:

v=spf1 include:spf.protection.outlook.com -all

This record does a couple of things:

  • v=spf1: This indicates that it's an SPF version 1 record.
  • include:spf.protection.outlook.com: This allows Microsoft 365 to send emails on behalf of your domain.
  • -all: This means that any server not listed in the record is not authorized to send emails for your domain.

If you also send emails from other services, like a marketing platform, you need to include those as well. For example:

v=spf1 include:spf.protection.outlook.com include:other-service.com -all

Make sure to replace other-service.com with the actual domain of the service you are using.

Step 4: Save Your Changes

Once you’ve created or updated your SPF record, save the changes in your DNS settings. DNS changes can take some time to propagate, so don’t be alarmed if you don’t see immediate results.

Step 5: Verify Your SPF Record

After a few hours, it’s time to verify that your SPF record is set up correctly. Use the InboxGreen checker again to confirm that your SPF record is showing up as expected. If there are any errors, the tool will provide feedback on what needs to be fixed.

Common Gotchas

Too Many DNS Lookups

One common issue is exceeding the limit of 10 DNS lookups. Each include: statement counts as a lookup. If you exceed this limit, your SPF record will fail. Use the SPF generator to help manage your includes and keep your record concise.

Incorrect Syntax

Another pitfall is syntax errors. Ensure that your record follows the correct format. A misplaced space or character can invalidate your SPF record. Always double check before saving.

Testing Email Delivery

After setting up SPF, send test emails to various providers like Gmail, Yahoo, and Outlook. Check the headers of the received emails. Look for the Authentication-Results header. It should indicate that SPF passed.

Authentication-Results: mx.google.com; spf=pass (google.com: domain of yourdomain.com designates xx.xx.xx.xx as permitted sender) smtp.mailfrom=yourdomain.com

If you see "spf=fail" or "spf=neutral", revisit your SPF settings.

Next Steps

Setting up SPF is just one piece of the email authentication puzzle. You should also consider implementing DKIM and DMARC for added security and better inbox placement. DKIM adds a digital signature to your emails, while DMARC helps you manage how your domain handles unauthorized use.

For DKIM, you can use the DMARC generator to create the necessary records. This will ensure that your emails are not only authenticated but also protected from spoofing.

Lastly, always monitor your email deliverability. Use the InboxGreen API to integrate email checks into your workflow. This will help you stay on top of any issues that arise.

In summary, take the time to set up SPF correctly for Microsoft 365 and Exchange Online. It’s a crucial step in ensuring your emails land in the inbox, not the spam folder. Start with the InboxGreen checker to see where you stand today, and make those adjustments for a better email experience.

Free Deliverability Scan

Check SPF, DKIM, DMARC and List-Unsubscribe for your domain in seconds.