Troubleshooting SPF Validation Issues: Microsoft and Some Other ESPs Recognizing EasySPF Setup

Some sending sources verify their presence in a domain’s SPF record by specifically looking for their include mechanism, for example: v=spf1 include:thirdpartyservice.com ~all

Microsoft 365 is one such source. If the required include mechanism is missing or has been flattened, you may encounter errors in your Microsoft account:

EasySPF, a dynamic IP flattening solution extracts IP address values from include tags in your SPF record and consolidates them under a single include mechanism tag. This simplifies your SPF record and reduces lookup counts. However, sources like Microsoft 365, which rely on the explicit presence of their include mechanism name, may not recognize this flattened setup. Despite this, the actual sending IPs remain in use and pass email authentication checks as expected, ensuring email deliverability. The issue lies in these sources' inability to verify their presence based solely on the flattened structure.There is no need for concern, as the IPs continue to function correctly and pass email authentication without issues.

​​Now, let’s compare this to Zendesk’s approach, which differs slightly from Microsoft.

Zendesk requires verification to achieve an SPF pass. To do this, you must first add the include mechanism to your SPF record in the DNS, complete the verification process within Zendesk, and only then safely update the DNS to integrate the inclusion with the EasySPF solution.

Your SPF record before verifying Zendesk:
v=spf1 include:mail.zendesk.com include:_spf.yourdomain_com._d.easydmarc.pro ~all

Your SPF record after verifying Zendesk and adding the source to EasySPF:
v=spf1 include:_spf.yourdomain_com._d.easydmarc.pro ~all