This past Monday evening, Microsoft corporation for the domain microsoft.com changed its SPF record from soft fail to hard fail.
There are many ways that receivers can use SPF hard fail – some mark it as spam outright, some use it as a heavy weight in their spam filter, some use it as a light weight, and some even do nothing with it. However any other receiver uses it, publishing a hard fail allows some receivers to discard unauthenticated-SPF mail from Microsoft.
I personally led the effort to update the SPF record. Because Microsoft is such a large company with so many teams sending email in so many different ways, it took a long time to inventory everyone and get it under control.
But, we finally get it done. It’s something I will be talking about at the upcoming Virus Bulletin conference in Seattle this September.
DMARC - how to use it to improve your email reputation.