Office365 IP addresses get rejected for SPF Fail
Modified on: Fri, 29 May, 2020 at 4:45 PM
If you see a message sent from an Office365 email domain flagged for SPF Fail, it is because Office365 -occasionally- sends from IP addresses that are not contained by their new SPF include: statement.
Existing SPF "TXT" record for spf.protection.outlook.com
"v=spf1 ip4:184.108.40.206/15 ip4:220.127.116.11/16 ip4:18.104.22.168/14 ip4:22.214.171.124/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all"
What we have see is the sending IP is in the 126.96.36.199/24 range.
Add "188.8.131.52/14" to System Setup > Mail Authentication > SPF Whitelisted IPs/Networks:
-- That will bypass SPF checks for that IP range.
-- That IP range that used to be in their SPF record, before it was changed.
Did you find it helpful?
Sorry we couldn't be helpful. Help us improve this article with your feedback.