Email Security/Exchange Online - Ensure That SPF Records Are Published For All Exchange Domains

 







Summary

A corresponding Sender Policy Framework (SPF) record should be created for every domain that is configured in Exchange.

Reason

These SPF records allows Exchange Online Protection and other mail systems know where messages from the domains are allowed to originate. This information will help the system in determining a way to treat the message; based on whether it is spoofed or valid. 

What If?

The impact of setting up SPF records should be minimal, but, a proper SPF record setup should be done by an organization, because, an email can be flagged as spam if SPF is not setup correctly.

How to?

To setup SPF records for Exchange Online accepted domains, perform the following steps:
  1. If all the emails in a domain is sent from and received by Exchange Online, add the following TXT record for each Accepted Domain-

v=spfl include:spf.protection.outlook.com -all

      2. If there are other systems that can send email in the environment, then, refer to this article for the            proper SPF configuration- https://docs.microsoft.com/en-us/office365/SecurityCompliance/set-    up-spf-in-office-365-to-help-prevent-spoofing.

Monitor:

To verify that SPF records are published for Exchange Online Domain, do the following:
  1. Open a command prompt.
  2. Type the following command-

nslookup -type=txt domainl.com

      3. Now, ensure that the value exists and it includes include:spf.protection.outlook.com . This                        designates Exchange Online as a designated sender. 

To verify the SPF records are published, use the REST API for each domain:

https://graph.microsoft.com/v1.0/domains/[DOMAIN.COM]/serviceConfigurationRecords
  1. Now, ensure that the value exists and it includes include:spf.protection.outlook.com . This              designates Exchange Online as a designated sender.









































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)