Spf record - ORF Forums

@s_laure2000: Hello,

The IPv4 address in question is indeed included in the SPF record of outlook.com. You can test it here:
https://vamsoft.com/support/tools/spf-policy-tester

However, the example SPF record in you post "includes" only a fraction of the full SPF record of outlook.com (i.e. "include:spf.protection.outlook.com" instead of "include:outlook.com"), which does not contain the IPv4 address "ip4:157.55.9.128", and this is why it was added separately to the SPF record.

See the output of the SPF record queries below:

>nslookup -type=TXT outlook.com
Non-authoritative answer:
"v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com *****ip4:157.55.9.128/25***** include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"

vs.

>nslookup -type=TXT spf.protection.outlook.com
Non-authoritative answer:
"v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 include:spfd.protection.outlook.com -all"

>nslookup -type=TXT spfd.protection.outlook.com
Non-authoritative answer:
"v=spf1 ip4:51.4.72.0/24 ip4:51.5.72.0/24 ip4:51.5.80.0/27 ip4:20.47.149.138/32 ip4:51.4.80.0/27 ip6:2a01:4180:4051:0800::/64 ip6:2a01:4180:4050:0800::/64 ip6:2a01:4180:4051:0400::/64 ip6:2a01:4180:4050:0400::/64 -all"

@s_laure2000: I am afraid you will have to ask Microsoft why Outlook.com's SPF record is structured the way it is. I am sure they have their reasons.

The SPF record of a domain serves a single purpose: It tells upstream email security agents who can send emails on behalf of the domain found in the "envelope (RFC5321,MailFrom)" sender email address, so that they can verify that the mail server that sent the email is actually authorized to send messages on behalf of the domain.

You can learn more about the SPF record's syntax at http://www.open-spf.org/SPF_Record_Syntax/