Using the DNS Management service that Microsoft provide for free as part of Office 365 is really convenient. It automatically manages all DNS records related to the 365 services and makes setup a breeze.
But, there is a problem with it. If you want to edit the default Office 365 SPF Record it does not allow you to do so because this is automatically managed by them. It is not an uncommon requirement to allow additional authorized SMTP servers so this is a bit of a weakness in the service. If you try to add your own TXT record it generates an error:
According to the forum posts I have seen, Microsoft recommend moving the DNS service back to a 3rd party and creating the required records there. Not a very convenient solution, in my opinion.
However, there is a work around, probably not supported by Microsoft, but it does work.
How to add a custom SPF record to an Office 365 DNS managed domain
So, first things first, generate your new SPF record. My custom record looks like this:
v=spf1 ip4:18.104.22.168 a:spf.protection.outlook.com -all
Now, modify the record to remove the first couple of characters (i.e. “v=”). So it looks like this:
spf1 ip4:22.214.171.124 a:spf.protection.outlook.com -all
The add the record as normal:
Of course adding this record won’t help, but you should now be able to edit the record and add the “v=” back into the TXT value field and it will work as expected.
So that is all there is to it, if you want for the TTL of the previous DNS record to expire then the new SPF record should work as expected.
Pretty easy really, it is a shame that Microsoft don’t let you edit it by default.