Question
I have received a non-delivery report (NDR) email with a SPF validation error. How do I resolve this for M365?
Solution
Please contact your Network Administrator for help with this method.
To troubleshoot, you will first need to check that your SPF record includes the Crossware mail servers.
As your email goes through our service, the Crossware server's IP will be referenced in the email headers.
NOTE: An SPF record identifies which mail servers are permitted to send email on behalf of your domain.
1. View the header of the email you sent.
For Outlook 2016, double-click the email message to display it in its own full window, select "File" > "Properties" and view the message header in the "Internet headers" field at the bottom of the window.
2. Scan the header text for a mention of "spf=fail".
For example:
3. Log in to Kitterman SPF Record Testing Tool or any SPF lookup tool.
4. Type in your "Domain Name" and click "Get SPF Record" (if any).
5. Your SPF record should look similar to this example.
It should NOT return a record that includes the text include:o365.crossware.co.nz -all
5. Your SPF record should look similar to this example.
It should NOT return a record that includes the text include:o365.crossware.co.nz -all
You will need to update your SPF record to include a list of Crossware Mail Servers as an allowable sender from your domain.
6. Update your SPF record in your DNS to include
Depending on the Region you have been Provisioned in:
Region | Use SPF Record |
Trial | include:o365.crossware.co.nz -all |
Australia
Australia K1 | include:aus.o365.crossware.co.nz -all
include:aus-k1.o365.crossware.co.nz -all |
Canada Canada K1 | include:canada.o365.crossware.co.nz -all include:can-k1.o365.crossware.co.nz -all |
Europe Europe K1 Europe K2 Europe K3 | include:europe.o365.crossware.co.nz -all include:eu-k1.o365.crossware.co.nz -all include:eu-k2.o365.crossware.co.nz -all include:eu-k3.o365.crossware.co.nz -all |
France | include:france.o365.crossware.co.nz -all |
USA USA K1 | include:usa.o365.crossware.co.nz -all include:us-k1.o365.crossware.co.nz -all |
United Arab Emirates | include:uae-k1.o365.crossware.co.nz -all |
| QAT-K1 | include:qat-k1.o365.crossware.co.nz -all |
| ALL* | include:o365.crossware.co.nz -all |
*Please only use ALL if you have been Provisioned in Production before 25 November 2018
Example: v=spf1 include:spf.protection.outlook.com include:aus-k1.o365.crossware.co.nz -all
NOTE: How to do this for this will vary depending on your configuration - check with your Network Administrator for assistance.
An example of a DNS record that has been updated to include the include:o365.crossware.co.nz -all value:
7. Use the Kitterman SPF Record Testing Tool (https://www.kitterman.com/spf/validate.html) again to confirm that include:o365.crossware.co.nz -all appears in your SPF records.
Type in your Domain Name and click Get SPF Record (if any)
The results should look like this example below:
NOTE: You will need to allow time for the DNS record changes to propagate which may take up to 24 hours.
8. Send a test email to any external email address to check that your emails are now being sent.