Updating the SPF record for your domain

Your organization should already have a SPF record for your domains registered with Microsoft Office 365. You need to update this record in the DNS zone for the relevant domain.

To update your record:

  1. Remove v=spf1 include:spf.protection.outlook.com –all.
  2. Replace with or add v=spf1 include:_spf.prod.hydra.sophos.com -all.

If your outbound email is being routed through Sophos Email and Office 365 simultaneously for a period, you can leave the original SPF record, and add an include statement for Sophos Email. However, we recommend you replace it with the Sophos Email SPF record once all your outbound email is routed through us.

If you are certain that you do not have any third parties sending mail on your behalf, and all your outbound mail is routed through Sophos Email, you can add a hard fail instead: v=spf1 include:_spf.prod.hydra.sophos.com -all.

Note This means that your mail needs to be sent from Sophos Email to be accepted by the receiver's mail servers (if they carry out SPF checks).