Email Authentication - SPF, DKIM, DMARC - Office 365

Authenticating email when using Microsoft 365 and webforms on the website

Getting email traffic through to Inboxes

When using Microsoft 365 you still need to provide correct SPF, DKIM and DMARC records.

SPF – including the website server as a legitimate sender of domain emails
As part of the Microsoft 365 set-up an SPF record will be created - it looks like this

v=spf1 include;spf.protection.outlook.com -all

This TXT record basically says “if the email does not originate from a Microsoft server then fail the message”

We need to add in the IP address of the webserver to make sure that is also recognised as an authentic source for the domain’s email traffic.

Find out the IP address of the server being used

Blackbarn is 185.53.59.24

GURU is 85.92.73.51

Add that IP address to the SPF record in the form

v=spf1 ip4:185.53.59.24 include;spf.protection.outlook.com ~all

Note that the ‘qualifier’ comment at the end of the record has been changed to a ’soft fail’ by using the ‘~’ character as we will be adding in a DMARC policy.

To edit the SPF record log into the relevant WHM console (bear in mind that this may NOT be Blackbarn or GURU – depending on who controls the DNS) navigate to the domain, find the domain records and edit the relevant SPF record.

DKIM is usually automatically supplied by Microsoft when the account is set-up

DMARC is a TXT record that identifies whether SPF and DKIM are running successfully.

Add the record in the form:

Host Name:  _dmarc

Value:  v=DMARC1; p=quarantine; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;

Check your work by using mxtoolbox.com – if you have it right it will have 3 green ticks as below