Blocking Spoofed Inbound Email - Office365

bbigford

I went way more basic...

I found out immediately that a sales site (hosted externally) uses a spoofed email address to work. That stopped working and I just put in an explicit rule for that outside source.

momurda

https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx

If one of those txt records doesnt say
v=spf1 include:spf.protection.outlook.com -all
It isnt correct for o365.
Yours may have some other include:external static ip address of mail server if you have local servers that send email out(spiceworks, backup appliance, etc)

JaredBusch

@BBigford said in Blocking Spoofed Inbound Email - Office365:

I went way more basic...

I found out immediately that a sales site (hosted externally) uses a spoofed email address to work. That stopped working and I just put in an explicit rule for that outside source.

That will stop internal users form seeing spoofed email, but that has nothing to do with the ability for spoofed email to be sent in your name though.

coliver

You could also easily do an nslookup to confirm these records. Just make sure you set the type to txt, on Windows at least.