Changes to the NHSmail Sender Policy Framework (SPF)

A change was recently made to the NHS DNS on the 10/02/20 to update the SPF record from softfail to hardfail. Some NHS.UK trusts may experience a mail delivery problem if their SPF has been misconfigured by not including the NHS.NET main SPF record into their DNS.

The issue that may arise is that users receive NDRs with an error similar to the following example “550 5.7.23 The message was rejected because of Sender Policy Framework violation -> 550 MD:IP mail domain spf fail:reject”. Trusts can check their SPF records by using external tools such as MxToolBox.

For information on how to remediate the issue, please follow the steps from our support page – https://support.nhs.net/knowledge-base/spf-dkim-dmarc-configuration/