Categories
Blog

Does Office 365 enforce SPF on incoming emails?

One of the key measures in email security is the Sender Policy Framework (SPF), which helps to prevent email spoofing and phishing attacks. SPF allows the recipient’s email server to verify if the incoming email is sent from an authorized sender or not. But, does Office 365 enforce SPF on incoming emails?

The answer is yes, Office 365 does enforce SPF on incoming emails. SPF is an industry-standard email authentication mechanism, and Office 365 takes it seriously to ensure the security and integrity of its users’ email communications.

When an email is sent to an Office 365 user, the receiving email server checks the DNS records of the sender’s domain to find the SPF record. The SPF record contains a list of authorized IP addresses or domains that are allowed to send emails on behalf of the sender’s domain. If the sending IP address or domain is not included in the SPF record, Office 365 may mark the email as spam or reject it altogether.

This strict enforcement of SPF helps to protect Office 365 users from receiving spoofed or malicious emails, reducing the risk of falling victim to phishing attacks or other email-based threats.

However, it is important to note that SPF alone may not be sufficient to completely prevent email spoofing and phishing attempts. It is recommended to complement SPF with other email security measures, such as DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance).

In conclusion, Office 365 takes email security seriously and enforces SPF on incoming emails to protect its users from potential email threats. SPF, along with other email authentication mechanisms, plays a crucial role in ensuring the integrity and authenticity of email communications in Office 365.

Understanding Office 365 SPF for Incoming Emails

When it comes to email security, Office 365 takes it seriously. One of the measures it uses to protect users from spam and spoofed emails is SPF (Sender Policy Framework). But does Office 365 enforce SPF on incoming emails?

Yes, Office 365 does enforce SPF on incoming emails. SPF is an email authentication method that allows the recipient’s email server to check if the sender of the email is authorized to send messages on behalf of the domain mentioned in the email’s “From” address. This helps prevent email spoofing and unauthorized use of a domain name for sending malicious or spam emails.

When an email is received by an Office 365 mailbox, the system checks the DNS records for the sender’s domain to verify if the email is coming from an authorized server. If the email fails the SPF check, it is likely to be marked as spam or rejected altogether.

SPF ensures that only authorized servers can send emails on behalf of a specific domain, improving email deliverability and reducing the risk of receiving malicious or unwanted messages. By enforcing SPF on incoming emails, Office 365 provides an additional layer of security for its users.

In addition to SPF, Office 365 also supports other email security measures like DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance). These authentication methods work in conjunction with SPF to further enhance email security and prevent email spoofing.

Overall, Office 365’s enforcement of SPF on incoming emails is an important step in protecting users from spam, phishing attempts, and other email-related security threats. It helps ensure that only legitimate emails from authorized servers are delivered to users’ inboxes, improving the overall email security of the Office 365 environment.

What is SPF?

SPF, which stands for Sender Policy Framework, is an email validation system used to prevent email spoofing. It is a method of verifying that the sender of an email is authorized to send emails on behalf of a particular domain.

When an email is sent, the SPF record of the sender’s domain is checked. This record contains a list of authorized mail servers that are allowed to send emails on behalf of that domain. If the sending server is not listed in the SPF record, the email may be considered suspicious or fraudulent.

By enforcing SPF on incoming emails, Office 365 can help ensure that only authorized emails from legitimate sources are delivered to recipients’ inboxes. This can help reduce the risk of phishing attacks and other malicious activities.

How Does SPF Work?

SPF stands for Sender Policy Framework, and it is an email authentication method used to prevent email forgery. It works by allowing the domain owner to specify which mail servers are authorized to send emails on behalf of their domain.

When an email is sent, the receiving mail server checks the SPF record for the sender’s domain to verify if the sending server is authorized to send emails for that domain. If the SPF check fails, the email may be rejected, marked as spam, or flagged with a warning.

To enforce SPF on incoming emails, Office 365 checks the SPF record of the sending domain for each incoming email. If the SPF record is properly configured and the sending server is authorized, the email is accepted. If the SPF check fails, the email may be marked as spam or rejected.

SPF helps to validate the authenticity of incoming emails and provides an additional layer of security to prevent email spoofing and phishing attacks. By enforcing SPF, Office 365 helps to protect users from receiving malicious or fraudulent emails.

Why is SPF Important for Email Security?

SPF (Sender Policy Framework) is an email authentication method that helps verify the legitimacy of incoming emails. It allows email recipients to verify that an email claiming to be from a specific domain was actually sent from an authorized server.

SPF is important for email security because it helps prevent email spoofing and phishing attacks. Email spoofing occurs when a malicious sender disguises their email to make it appear as if it was sent from a trusted source. Phishing attacks, on the other hand, involve tricking recipients into providing sensitive information by pretending to be a legitimate organization.

By enforcing SPF on incoming emails, Office 365 checks if the email’s sender is authorized to send emails on behalf of the domain it claims to be from. If the sender is not authorized, the email may be considered suspicious or blocked entirely, reducing the risk of falling victim to spoofing or phishing attempts.

Additionally, SPF helps improve email deliverability. When email servers see that a domain has properly configured SPF records, they are more likely to trust the email and deliver it to the recipient’s inbox instead of marking it as spam.

In conclusion, SPF is important for email security because it helps verify the authenticity of incoming emails, prevents email spoofing and phishing, and improves email deliverability. By enforcing SPF on incoming emails, Office 365 enhances the security and trustworthiness of the email communication for its users.

Does Office 365 Implement SPF?

Office 365 is a popular cloud-based suite of productivity tools offered by Microsoft. One of the important email security measures it implements is SPF (Sender Policy Framework).

SPF is an email authentication method that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. When an incoming email is received by Office 365, it checks if the sender’s domain has an SPF record published in its DNS settings. If an SPF record is found, Office 365 validates the SPF by comparing the sender’s IP address with the authorized list of mail servers specified in the SPF record.

If the SPF check fails, Office 365 can mark the email as spam or reject it altogether, depending on the configuration set by the administrator. This helps to prevent spoofing and phishing attacks, as well as reduce the amount of spam reaching user inboxes.

Enforcing SPF on Incoming Emails

Office 365 can enforce SPF on incoming emails by performing strict SPF checks. In this case, if an incoming email fails the SPF check, it will be rejected and not delivered to the recipient’s inbox. This adds an extra layer of security and helps protect users from email-based threats.

However, it’s important to note that the enforcement of SPF checks on incoming emails is a configuration setting that can be customized by the Office 365 administrator. They can choose to allow SPF failures and still deliver the emails to the recipient’s mailbox. This flexibility allows organizations to balance security and usability based on their specific needs.

Conclusion

Office 365 implements SPF as part of its email security measures. SPF helps protect against spoofing and phishing attacks by validating the sender’s domain and mail servers. While Office 365 can enforce SPF on incoming emails by rejecting those that fail the SPF check, the specific configuration is determined by the administrator. This ensures that organizations have the flexibility to customize their email security settings based on their requirements.

Office 365 SPF Incoming Emails
Enforces SPF Yes Yes

Benefits of Enforcing SPF on Incoming Emails

When it comes to email security, it is crucial to have measures in place to protect against spoofing and phishing attempts. Sender Policy Framework (SPF) is one such measure that organizations can implement on their email servers to verify the authenticity of incoming emails.

By enforcing SPF on incoming emails, Office 365 ensures that only authorized servers are allowed to send emails on behalf of a specific domain. This helps in preventing forged or spoofed emails from reaching the recipient’s inbox, protecting them from potential phishing attacks.

Enhanced Email Security

Enforcing SPF on incoming emails adds an extra layer of security by verifying the origin of emails. It prevents malicious actors from impersonating a legitimate sender, reducing the risk of fraudulent activities and unauthorized access to sensitive information.

Reduced Spam and Phishing Emails

SPF enforcement helps in reducing the volume of spam and phishing emails that end up in the recipients’ inboxes. With SPF, only emails from recognized and authorized email servers are accepted, significantly reducing the chances of receiving malicious or unsolicited emails.

Additionally, SPF enforcements help in reducing the workload on the email server by blocking emails at the early stages, before they consume server resources and reach the users’ mailbox.

Improved Reputation and Deliverability

By enforcing SPF, organizations can establish a good email sending reputation. This helps in increasing the chances of their legitimate emails reaching the recipient’s inbox instead of being marked as spam or being blocked by other email servers.

Improved deliverability ensures that important emails, such as business communications or customer support inquiries, are received by the intended recipients in a timely manner, ensuring smooth communication and preventing any disruptions in workflow.

In conclusion, enforcing SPF on incoming emails in Office 365 provides enhanced email security, reduces spam and phishing emails, and improves reputation and deliverability. It is an effective measure to protect against spoofing and phishing attempts, ensuring a safer and more reliable email communication environment.

What Happens to Emails without SPF Records in Office 365?

In Office 365, SPF (Sender Policy Framework) records are used to verify the sender’s identity and reduce the chances of spoofing and phishing attempts. When an email is received by Office 365, it checks the SPF record of the sending domain to verify if the IP address of the sender is authorized to send emails on behalf of that domain.

If an email arrives without an SPF record, Office 365 does not enforce an SPF check by default. It treats the email as if it has “neutral” SPF results. However, this does not mean that emails without SPF records are automatically marked as spam or blocked. Office 365 still applies its standard spam and malware filters to the email.

It’s important to note that while Office 365 does not enforce SPF checks for emails without SPF records, it still recommends that organizations configure SPF records for their domains. This helps improve email deliverability and prevent unauthorized emails from being sent.

Possible Actions:

  • Organizations can configure SPF records for their domains by adding the necessary DNS entries to their DNS provider.
  • It is recommended to use the SPF wizard provided by Office 365 to generate the correct SPF record syntax.
  • Organizations can also set up SPF records to define which IP addresses or domains are allowed to send emails on behalf of their domain.
  • Regular monitoring and updating of SPF records is essential to ensure their accuracy.

In summary, while Office 365 does not enforce SPF checks for emails without SPF records, it is still advisable for organizations to configure SPF records to improve email deliverability and prevent unauthorized emails.

How to Enable SPF Enforcement in Office 365

SPF (Sender Policy Framework) is an email authentication method that helps prevent email spoofing. By enforcing SPF rules on incoming emails, Office 365 can verify that the sender is authorized to send emails on behalf of a domain, making it more difficult for malicious actors to send fraudulent emails.

To enable SPF enforcement in Office 365, you can follow these steps:

  1. Sign in to the Office 365 admin center.
  2. Go to the Exchange admin center.
  3. Navigate to the protection section.
  4. Click on “Anti-spam” in the left-hand menu.
  5. Under the “Content filtering” section, click on “Edit”.
  6. In the “Sender authentication” section, select “Enforce SPF check”.
  7. Click on “Save” to apply the changes.

Once you have enabled SPF enforcement, Office 365 will check the SPF records for incoming emails and take appropriate actions based on the results. If a sender’s SPF record doesn’t match, the email may be marked as spam or rejected entirely, depending on your organization’s settings.

It is important to regularly monitor and review your SPF rules and settings to ensure that legitimate emails are not being incorrectly blocked and that your organization is properly protected against email spoofing and phishing attempts.

Steps to Create an SPF Record for Office 365

To ensure that Office 365 enforces SPF on incoming emails, follow these steps to create an SPF record:

Step 1: Log in to your DNS hosting provider’s website.

Step 2: Locate the DNS management settings for your domain name.

Step 3: Find the section for creating DNS records and select “TXT” as the record type.

Step 4: Enter the following SPF record: “v=spf1 include:spf.protection.outlook.com -all”.

Step 5: Save the record and wait for the changes to propagate (this can take up to 48 hours).

Step 6: Verify the SPF record by using a DNS lookup tool, such as the mxtoolbox.com SPF Lookup.

Note: It’s important to understand that creating an SPF record for Office 365 does not guarantee that all incoming emails will be validated. Some mail servers may not check SPF records or may have additional spam filters in place.

By following these steps, you can enhance the reliability of SPF enforcement for incoming emails on Office 365.

Common Issues with Implementing SPF in Office 365

Implementing Sender Policy Framework (SPF) in Office 365 is an effective way to prevent email spoofing and improve email deliverability. However, there are several common issues that organizations may encounter when implementing SPF in Office 365.

  • Enforce vs. SoftFail: One common issue is the choice between enforcing the SPF policy and using the SoftFail mechanism. Enforcing the SPF policy can result in stricter email filtering, but it may also cause legitimate emails to be rejected if the sending domain is not properly configured. Using SoftFail allows emails from domains with invalid SPF records to still be delivered, but it reduces the effectiveness of SPF in preventing email spoofing.
  • Multiple SPF Records: Another common issue is the presence of multiple SPF records for a domain. Having multiple SPF records can cause conflicts and lead to unpredictable email delivery. It is recommended to consolidate all SPF records into a single record to ensure consistent and accurate SPF checking.
  • SPF Record Length: Office 365 imposes a limit on the length of SPF records that can be published. If the SPF record exceeds this limit, it may result in SPF failures or incomplete SPF checks. It is important to ensure that the SPF record is within the allowed length to avoid any issues.
  • Incorrect Syntax: Incorrect syntax in the SPF record can also cause issues with SPF implementation. Common syntax mistakes include missing include mechanisms, using incorrect IP addresses or CIDR notation, and incorrect formatting. It is important to carefully review the syntax of the SPF record to ensure it is valid and accurately reflects the authorized sending sources.
  • Propagating SPF Changes: Lastly, another common issue is the propagation of SPF changes across DNS servers. After making changes to the SPF record, it can take some time for the changes to fully propagate. During this propagation period, email delivery may be affected, and SPF checks may produce inconsistent results. It is recommended to plan for this propagation delay and monitor the SPF implementation after making any changes.

By being aware of these common issues, organizations can effectively implement SPF in Office 365 and enhance their email security and deliverability.

How to Troubleshoot SPF Issues in Office 365

SPF (Sender Policy Framework) is an email authentication method used to prevent email spoofing and phishing attacks. By enforcing SPF, Office 365 checks if the sender’s IP address is authorized to send emails on behalf of the domain. However, if you are experiencing SPF issues in Office 365, you can follow these steps to troubleshoot the problem.

1. Verify the SPF record: Start by checking the SPF record of your domain to ensure it is properly configured. Use an SPF checker tool to validate the syntax and ensure all necessary IP addresses or hostnames are included.

2. Check DNS propagation: If you recently made changes to your SPF record, it may take some time for the changes to propagate. Use an online DNS propagation checker to verify if the updated SPF record is visible to all DNS servers.

3. Review SPF hard fail settings: In some cases, Office 365 may treat a failed SPF check as a hard fail and reject the incoming email. Check your domain’s SPF hard fail settings in the Office 365 admin center to ensure they are correctly configured.

4. Analyze SPF authentication results: Use the Message Header Analyzer tool in Office 365 to inspect SPF authentication results for a specific email. This will help you identify any SPF failures or issues that may be causing the problem.

5. Check mail flow configuration: Ensure that your mail flow configuration in Office 365 is correctly set up. Verify that the SPF check is enabled and configured to enforce SPF on incoming emails.

6. Investigate external forwarding: If you have set up external forwarding rules, it may bypass the Office 365 SPF check. Ensure that proper measures are in place to authenticate forwarded emails and prevent SPF issues.

7. Consult Microsoft support: If you have followed all the troubleshooting steps and are still experiencing SPF issues in Office 365, it is advisable to reach out to Microsoft support for further assistance. They can provide additional guidance and help resolve any complex SPF issues.

By following these steps, you can effectively troubleshoot SPF issues in Office 365 and ensure a secure and reliable email environment for your organization.

Best Practices for Configuring SPF in Office 365

Sender Policy Framework (SPF) is an email authentication method that helps protect against spoofed emails and phishing attacks. When properly configured, SPF allows email servers to verify that incoming emails are sent from authorized sources.

Understand SPF

Before configuring SPF in Office 365, it is important to understand how SPF works. SPF works by publishing a DNS record that specifies which email servers are authorized to send emails on behalf of a given domain. When an email is received, the receiving server checks the SPF record of the sending domain to verify if the email has been sent from an authorized server.

Review SPF Configuration in Office 365

Office 365 provides a user-friendly interface for managing SPF settings. To review your SPF configuration in Office 365, log in to the Microsoft 365 admin center, navigate to the Exchange admin center, and access the SPF settings. Ensure that the SPF record contains all the authorized email servers for your domain. Regularly review and update the SPF configuration to account for any changes in your email infrastructure.

It is also recommended to use the “include” mechanism to include the SPF records of any third-party email service providers that you use. This ensures that emails from these providers are not marked as spam by recipient servers.

Testing and Monitoring SPF

After configuring SPF in Office 365, it is important to test and monitor the implementation. Use online SPF checking tools to validate the SPF record and ensure that it is properly set up. Monitor the SPF logs and email delivery reports to identify any issues and take appropriate action.

Educate Users About SPF Failures

Even with a correctly configured SPF, there may still be instances where legitimate emails fail SPF checks due to misconfigurations or other issues. Educate your users about SPF failures and advise them to be cautious of emails flagged as potentially fraudulent. Encourage them to report suspicious emails and provide guidance on how to identify and avoid phishing attempts.

Implementing and properly configuring SPF in Office 365 is an important step in securing your organization’s email infrastructure. By following these best practices, you can help protect against spoofed emails and enhance the overall security of your email communications.

How to Verify SPF Enforcement in Office 365

If you want to ensure that Office 365 enforces SPF on incoming emails, you can follow these steps:

  1. Sign in to your Office 365 account as an administrator.
  2. In the Microsoft 365 admin center, go to the “Protection” section.
  3. Click on “Mail flow” and then select “Select an email message” under the “Troubleshoot” tab.
  4. Choose an email that was sent to your organization.
  5. Click on “View message header” and find the “Authentication-Results” section.

If SPF enforcement is enabled, you should see a line that says “spf=pass”. This indicates that the email passed SPF authentication and was allowed through. If SPF enforcement is not enabled, you will not see this line in the message header.

It’s important to note that even if SPF enforcement is enabled, it does not guarantee that all spam or malicious emails will be blocked. SPF is just one layer of protection in the overall email security system.

Additional Considerations

  • Make sure that your SPF records are correctly set up for your domain. This involves adding the necessary TXT record to your DNS settings.
  • Regularly monitor the effectiveness of your email security measures and consider implementing additional security features such as DKIM and DMARC.
  • Train your users to be cautious with email attachments and to report any suspicious emails to your IT team.

Conclusion

Verifying SPF enforcement in Office 365 is an important step in ensuring the security of your organization’s email system. By following the steps outlined above, you can confirm whether or not SPF is being enforced on incoming emails. Remember to also take into account other security measures to protect against spam and phishing attacks.

Improving Email Security with SPF authentication

SPF (Sender Policy Framework) authentication is a widely used method to enhance email security. It allows domain owners to specify which mail servers are authorized to send emails on their behalf, preventing unauthorized senders from spoofing their domain.

When it comes to Office 365 and the enforcement of SPF on incoming emails, the answer is yes. Office 365 does enforce SPF checks on incoming emails. This means that when an email is received by an Office 365 account, the SPF record of the sending domain is checked to ensure that the email is coming from an authorized server.

This enforcement of SPF on incoming emails is crucial for preventing email spoofing and protecting users from phishing attempts. By verifying the SPF record, Office 365 can identify whether the email is legitimate or if it has been sent by an unauthorized server.

SPF authentication works by configuring the DNS (Domain Name System) record of the sending domain. This record specifies which IP addresses or mail servers are authorized to send emails on behalf of the domain. When an email is received, the server checks the SPF record to ensure that the sending server is authorized.

Implementing SPF authentication can significantly improve email security and reduce the risk of phishing attacks. It provides an additional layer of protection by verifying the authenticity of the sender’s domain. By enforcing SPF on incoming emails, Office 365 ensures that users receive emails only from trusted sources.

Impact of SPF on Email Deliverability in Office 365

Office 365 is a popular cloud-based office suite that provides a range of services, including email functionality. One important aspect of email deliverability in Office 365 is the enforcement of Sender Policy Framework (SPF) on incoming emails. SPF is an email authentication protocol that allows the domain owners to specify which servers are allowed to send emails on their behalf.

Enforcing SPF on incoming emails in Office 365 has a significant impact on email deliverability. It helps to prevent email spoofing and phishing attacks by verifying the authenticity of the sender’s domain. When an email arrives at an Office 365 mailbox, the service checks the SPF record of the sender’s domain to ensure that it matches the IP address from which the email was sent.

If the SPF record does not match or is not properly configured, Office 365 may mark the email as spam or reject it altogether. This ensures that only legitimate emails from verified senders are delivered to the recipients’ inboxes, reducing the risk of fraudulent or malicious emails.

Benefits of SPF enforcement in Office 365
1. Improved email deliverability: By enforcing SPF on incoming emails, Office 365 ensures that only legitimate emails from authenticated senders reach their intended recipients.
2. Enhanced security: SPF helps protect Office 365 users from email spoofing, phishing, and other malicious activities by verifying the authenticity of the sender’s domain.
3. Reduced spam and unwanted emails: By implementing SPF, Office 365 can identify and filter out spam and unwanted emails that do not comply with SPF policies.

Overall, SPF enforcement plays a crucial role in maintaining a secure and reliable email environment in Office 365. It not only improves email deliverability but also enhances security by preventing unauthorized senders from impersonating legitimate domains. Organizations using Office 365 should properly configure and regularly update their SPF records to ensure optimal email deliverability and security.

SPF and DMARC: Enhancing Email Security in Office 365

Office 365, being a leading cloud-based productivity suite, takes email security seriously. One of the key measures it uses to ensure secure email communication is SPF (Sender Policy Framework).

SPF is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on their behalf. By setting up SPF records, domain owners can prevent spammers from forging their domain in the From address of an email.

So, to answer the question “Does Office 365 enforce SPF on incoming emails?” – yes, Office 365 does enforce SPF checks on incoming emails. Whenever an email arrives at an Office 365 mailbox, the system checks the SPF record for the sending domain to verify the authenticity of the email. If the SPF check fails, Office 365 may handle the email differently, such as routing it to the Junk Email folder or blocking it altogether.

In addition to SPF, Office 365 also supports DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC combines the strengths of SPF and another email authentication protocol called DKIM (DomainKeys Identified Mail). It further enhances email security by providing domain owners with visibility and control over the email authentication process.

With DMARC, domain owners can specify how to handle emails that fail SPF or DKIM checks. They can set policies to quarantine or reject such emails, preventing them from reaching the end user’s mailbox. Furthermore, DMARC allows domain owners to receive reports on email authentication failures, which can help identify potential spoofing attempts and take necessary actions to enhance email security.

Overall, by enforcing SPF and supporting DMARC, Office 365 enhances email security by reducing the risks of email spoofing and phishing attacks. Domain owners can take advantage of these email authentication protocols to protect their brand reputation, maintain user trust, and safeguard sensitive information.

Question-answer:

Does Office 365 enforce SPF on incoming emails?

Yes, Office 365 checks whether the sender’s IP address is authorized to send email on behalf of the domain specified in the From address. If the SPF (Sender Policy Framework) record is not properly configured, Office 365 may mark the email as spam or reject it.

What is SPF record?

SPF record is a DNS (Domain Name System) TXT record that specifies which IP addresses are allowed to send email on behalf of a specific domain. It helps prevent email spoofing and improves email deliverability.

Can I configure SPF record to enforce email authentication in Office 365?

Yes, you can configure SPF record to enforce email authentication in Office 365. By setting up a proper SPF record, you can specify the IP addresses or hostnames that are allowed to send email on behalf of your domain, and Office 365 will check if the sender’s IP address matches the SPF record.

What happens if an incoming email fails the SPF check in Office 365?

If an incoming email fails the SPF check in Office 365, it may be marked as spam or rejected, depending on how your organization’s spam filter settings are configured. It’s important to properly configure the SPF record to prevent legitimate emails from being marked as spam.

Is SPF the only email authentication method used in Office 365?

No, SPF is one of the email authentication methods used in Office 365, but there are other methods as well, such as DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance). These methods work together to provide a layered approach to email authentication and help prevent email phishing and spoofing.

What is Office 365?

Office 365 is a cloud-based suite of productivity tools and services provided by Microsoft, which includes applications like Word, Excel, PowerPoint, Outlook, and more.

What is SPF?

SPF stands for Sender Policy Framework and it is an email authentication method that helps prevent email spoofing and phishing. It allows the email recipient to verify that the message is actually coming from a trusted source and not from someone pretending to be someone else.

Does Office 365 enforce SPF on incoming emails?

Yes, Office 365 does enforce SPF on incoming emails. It checks the SPF records of the sending domain to verify whether the email has been sent from an authorized server or not. If the SPF record does not match, the email may be flagged as spam or rejected altogether.