Spf record - ORF Forums

Spf record RSS Back to forum

1

Hello,
What does this example mean?

v=spf1 include:spf.protection.outlook.com ip4:157.55.9.128

I understood that it allows the whole Outlook domain to send emails to the mail server of another domain.
Why add an IP 157.55.9.128 in "ipv4"? It is not included in outlook.com?
Thanks in advance

by s_laure2000 1 month ago
2

@s_laure2000: Hello,

The IPv4 address in question is indeed included in the SPF record of outlook.com. You can test it here:
https://vamsoft.com/support/tools/spf-policy-tester

However, the example SPF record in you post "includes" only a fraction of the full SPF record of outlook.com (i.e. "include:spf.protection.outlook.com" instead of "include:outlook.com"), which does not contain the IPv4 address "ip4:157.55.9.128", and this is why it was added separately to the SPF record.

See the output of the SPF record queries below:

>nslookup -type=TXT outlook.com
Non-authoritative answer:
"v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com *****ip4:157.55.9.128/25***** include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"

vs.

>nslookup -type=TXT spf.protection.outlook.com
Non-authoritative answer:
"v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/50 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 include:spfd.protection.outlook.com -all"

>nslookup -type=TXT spfd.protection.outlook.com
Non-authoritative answer:
"v=spf1 ip4:51.4.72.0/24 ip4:51.5.72.0/24 ip4:51.5.80.0/27 ip4:20.47.149.138/32 ip4:51.4.80.0/27 ip6:2a01:4180:4051:0800::/64 ip6:2a01:4180:4050:0800::/64 ip6:2a01:4180:4051:0400::/64 ip6:2a01:4180:4050:0400::/64 -all"

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)

3

@Daniel Novak (Vamsoft): Hello,
What I don't understand is why the ip 157.55.9.128 is not included in the domain spf.protection.outlook.com?

Is it because it is a new IP?

For example if I have a URL with several dynamic IP. All dynamic IPs will be included.
Example:
Wanadoo.fr

Nslookup wanadoo.fr
Dynamic IP : 146.67.8.9, 98.56.78.1

Can you explain me



Thank you very much for your help.

by s_laure2000 1 month ago
(in reply to this post)

4

@s_laure2000: I am afraid you will have to ask Microsoft why Outlook.com's SPF record is structured the way it is. I am sure they have their reasons.

The SPF record of a domain serves a single purpose: It tells upstream email security agents who can send emails on behalf of the domain found in the "envelope (RFC5321,MailFrom)" sender email address, so that they can verify that the mail server that sent the email is actually authorized to send messages on behalf of the domain.

You can learn more about the SPF record's syntax at http://www.open-spf.org/SPF_Record_Syntax/

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2