Reduced SPF Record Footprint for Outgoing Traffic Inspection
When enabling outgoing email protection, administrators now need to add only one entry to their SPF record
When enabling inline protection for outgoing emails – DLP or phishing/malware – emails are sent out to the external party from the Microsoft 365 IP addresses, that need to be included in your SPF record.
However, since Check Point inspects those emails inline, if the external recipient’s email security policy is very strict, it may require the Check Point IP addresses to be included in the SPF record as well.
To achieve that you now need to add one entry to your SPF record, utilizing the Include mechanism:
Include:spfa.cpmails.com
Customers that already added the different IP addresses and networks to the SPF record can now change it to only include the new entry.