question

Ramki-5805 avatar image
0 Votes"
Ramki-5805 asked Ramki-5805 commented

Avoid Suspected Spam / Email Spoof

Hello Team

people in my partner organization would like to send email from my domain name

like Abc.com is my domain and xyz.com is my partner domain. they want to send email as username@abc.com

and i dont want to allow their Public IP to whitelisted in ABC.com. instead i would go SPF or DKIM.

Since SPF and DKIM is new to me. i am interested to implement either SPF or DKIM . could you please assist me on this

office-exchange-online-itprooffice-exchange-server-mailflowoffice-exchange-hybrid-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
0 Votes"
AndyDavid answered Ramki-5805 commented

Hi @Ramki-5805

Add the sending IP Addresses of the partner domain's mail servers to ABC.COM 's SPF record in external DNS and that will authorize those servers to send as ABC.COM

Make sense?

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @AndyDavid

Exactly its make sense., i can add the Sending IP address of partners mail servers in my ABC' .com SPF ( external DNS). it shd work.

Howecevr, the below scenerio, i have not tested.

Assume, i have not added theri IP in MY SPF, and what happen when they try to send email from ABC.com from their email service. will get any NDR?

or will go to junk folder or they cannot send email.

Another thing , After added the sending IP address of partners mail servers in my ABC' .com SPF ( external DNS). should i create any rule to allow then


0 Votes 0 ·

Hi @Ramki-5805 ,

If you dont add their IPs to your SPF, the message will likely not be delivered and end in junk or quarantine, yes. It could be rejected by some recipients as well.

If they are spoofing your domain and sending to your domain as well, you should probably add a transport rule to allow them based on the sender and the sending IP address, yes.



0 Votes 0 ·

Hi @AndyDavid

Excellent update thanks for your help.

0 Votes 0 ·
KyleXu-MSFT avatar image
0 Votes"
KyleXu-MSFT answered Ramki-5805 commented

@Ramki-5805

In this situation, SPF or DKIM isn't used to verify the email sent from xyz.com to your domain. Because the email is sent from your server rather than your partner. The SPF is used to prevent email be blocked on recipient mail server.

When xyz.com relay email from your organization, the SPF is used to prevent email(relay from your Exchange server) be blocked on other mail server rather than mail server.

If you want to deploy SPF, you can follow those two article(one for Exchange online and other for Exchange on-premises). For more additional information, you can confirm with your DNS provider:

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KyleXu-MSFT
Thanks for your update. So SPF or DKIM is not useful when they are using their email server to send emails as ABC.com

what if they are using any email services like applications which support SPF or DKIM where they want to send as ABC.com

if their application s not support for DKIM, how to get things worked out

0 Votes 0 ·