Publishing Exchange Server public IP address in a hybrid Exchange setup?

Question

I'm currently using the Hybrid Exchange Online and Exchange Server OnPremise setup.

I have included the IP addresses of all my Exchange Servers in the below TXT record, I wonder if it is really necessary to prevent email flow issues?

v=spf1 a mx ptr ip4:69.64.152.23 ip4:69.64.152.123 ip4:52.13.23.26 ip4:54.68.180.96 ip4:52.116.76.27 include:_spf.psm.knowbe4.com include:_spf.google.com include:servers.mcsv.net include:mail.zendesk.com -all

As I need to enter additional SPF record entries without breaking the 10 Lookup maximum. Some of them include: above has recursive search, hence the result from https://dmarcly.com/tools/spf-record-checker already showing 10 DNS queries.

Is it a duplicate of https://serverfault.com/q/1106001/256639 ? I didnt used my hammer to close as dupe, but please explain me why it's not a dupe. — yagmoth555, Jul 27 '22 at 01:56
No, it is not, I am just asking, whether the Public IP address for my Exchange Servers ar required or not in the SPF record before I remove it? — Senior Systems Engineer, Jul 27 '22 at 02:53
Do all of your Exchange servers send outbound email directly? If so, then yes they need to be in your SPF record. — joeqwerty, Jul 27 '22 at 03:01
Do the other entities in your SPF record send email on behalf of your domain(s)? — joeqwerty, Jul 27 '22 at 03:02
@joeqwerty, I assume yes, since the document https://docs.microsoft.com/en-us/exchange/transport-routing#outbound-messages-to-the-internet shows the Outbound send connector sends something to Office 365. — Senior Systems Engineer, Jul 27 '22 at 04:36
Yes, I believe the marketing team and developers are using the SaaS listed in the SPF records. — Senior Systems Engineer, Jul 27 '22 at 04:37

score 1 · Accepted Answer · answered Jul 27 '22 at 07:23

It seems your issue has been solved in below link. https://docs.microsoft.com/en-us/answers/questions/943454/publishing-the-exchange-server-public-ip-address-i.html

**RafaelDaRocha:

In a hybrid exchange deployment, messages from on-prem mailboxes are delivered directly by the on-prem servers, so yes, they have to be present in the spf record**

Addition info: https://docs.microsoft.com/en-us/exchange/transport-routing#outbound-messages-to-the-internet

Please do not forget to mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well. Thanks!

Publishing Exchange Server public IP address in a hybrid Exchange setup?

1 Answers1