This past Monday evening, Microsoft corporation for the domain changed its SPF record from soft fail to hard fail.

There are many ways that receivers can use SPF hard fail – some mark it as spam outright, some use it as a heavy weight in their spam filter, some use it as a light weight, and some even do nothing with it. However any other receiver uses it, publishing a hard fail allows some receivers to discard unauthenticated-SPF mail from Microsoft.

I personally led the effort to update the SPF record. Because Microsoft is such a large company with so many teams sending email in so many different ways, it took a long time to inventory everyone and get it under control.

But, we finally get it done. It’s something I will be talking about at the upcoming Virus Bulletin conference in Seattle this September.

DMARC - how to use it to improve your email reputation.