When enabling outgoing email protection, administrators now need to add only one entry to their SPF record

When enabling inline protection for outgoing emails – DLP or phishing/malware – emails are sent out to the external party from the Microsoft 365 IP addresses, that need to be included in your SPF record.

However, since Check Point inspects those emails inline, if the external recipient’s email security policy is very strict, it may require the Check Point IP addresses to be included in the SPF record as well.

To achieve that you now need to add one entry to your SPF record, utilizing the Include mechanism:

Include:spfa.cpmails.com

Customers that already added the different IP addresses and networks to the SPF record can now change it to only include the new entry.

You may also like