this post was submitted on 21 Jun 2025
Information Security
This is mostly true, but keep in mind SPF can have IP ranges (in different formats) and includes of other records, so you really have to write something to chase all those lookups, manage CIDR vs individual IPs vs A records, etc., and build a table to use for lookups, if you want it to be accurate.
I suppose that is a concern, but I think those are cloud IPs that move around occasionally, and they wouldn't want to make every user update their TXT records.
So for this use case I am pretty sure they would always be DNS names if the admins are following Microsoft's instructions.
It looks like they have you set your TXT record to spf.protection.outlook.com, which resolves to a TXT record with a bunch of their IPs. So if you really wanted to make sure there weren't installs with IPs in their list, you can use that TXT record to get Microsoft's IP ranges and search for those as well.
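The lookup chasing described in the first comment, as an added example (not code from any commenter): it follows `include`, `redirect` and `a` terms, normalizes single IPs and CIDR ranges into one table, and guards against include loops and the RFC 7208 limit of 10 DNS lookups. The DNS data is constructed sample data served from dictionaries so it runs offline; `flatten_spf`, `is_authorized` and the `txt`/`a` resolver hooks are hypothetical names, and `mx`, `exists` and `ptr` are not resolved.

```python
import ipaddress

# Constructed sample DNS data (not real records), using documentation ranges.
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.10 include:spf.mailhost.test a:mail.example.org -all",
    "spf.mailhost.test": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:100::/48 include:example.org -all",
}
A = {"mail.example.org": ["203.0.113.25"]}

MAX_LOOKUPS = 10  # RFC 7208 cap on DNS-querying mechanisms per evaluation


def flatten_spf(domain, txt=TXT.get, a=A.get):
    """Chase include/redirect/a terms; return the set of networks the record authorizes."""
    nets, seen, lookups = set(), set(), 0
    stack = [domain]
    while stack:
        name = stack.pop().lower()
        if name in seen:  # include loop guard
            continue
        seen.add(name)
        record = txt(name) or ""
        if not record.lower().startswith("v=spf1"):
            continue
        for term in record.split()[1:]:
            term = term.lstrip("+")  # "+" (pass) is the default qualifier
            if term[:1] in "-~?":  # fail/softfail/neutral terms authorize nothing
                continue
            key, _, val = term.replace("=", ":", 1).partition(":")
            key = key.lower()
            if key in ("ip4", "ip6"):  # single address or CIDR, both become a network
                nets.add(ipaddress.ip_network(val, strict=False))
            elif key in ("include", "redirect", "a"):
                lookups += 1
                if lookups > MAX_LOOKUPS:
                    raise ValueError("SPF lookup limit exceeded")
                if key == "a":  # bare "a" means the current domain; prefix length is ignored here
                    host = (val or name).split("/")[0]
                    nets.update(ipaddress.ip_network(ip) for ip in a(host) or [])
                else:
                    stack.append(val)
    return nets


def is_authorized(ip, nets):
    """True if ip falls inside any network in the flattened table."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)
```

To run it against live DNS, pass resolver-backed callables for `txt` and `a` in place of the dictionary lookups.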