Share via

Azure external DNS spf record is not updating when changed

Tasha Steele 0 Reputation points
2026-02-24T21:52:58.8333333+00:00

I have made changes to our spf record and n o changes show when checking mxtoolbox. It is set to update with TTL 60minutes, changed a week ago. Not sure if it is a subscription issue. We don't have a balance.

Azure DNS
Azure DNS

An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Himanshu Shekhar 4,990 Reputation points Microsoft External Staff Moderator
    2026-02-26T17:24:46.26+00:00

    Hello Tasha, Just checking please let me know if you have any queries.

    This is not an Azure subscription or billing issue. Lack of subscription balance does not impact DNS or SPF record updates.

    If your SPF change (TTL = 60 minutes) is still not visible in MXToolbox after a week, the most common causes are DNS‑related, not Azure‑related:

    please check and we can suggest:

    Confirm the authoritative DNS provider Ensure the SPF change was made at the actual DNS hosting provider for the domain (Azure DNS, GoDaddy, Cloudflare, etc.), not in an inactive or old DNS zone.

    Only one SPF record must exist A domain can have only one v=spf1 TXT record. Multiple SPF records cause lookups to fail or show inconsistent results in tools like MXToolbox.

    DNS caching can exceed TTL Even with a 60‑minute TTL, some recursive resolvers and third‑party tools cache records longer. This can delay visibility despite the record being correctly updated.

    1. Verify using direct DNS queries (not only MXToolbox) Check the live DNS response using: nslookup -type=TXT yourdomain.com or dig TXT yourdomain.com. If these show the updated SPF, then MXToolbox is likely still serving cached data. Ensure SPF is published as a TXT record SPF must be published as a TXT record (the legacy SPF record type is deprecated).
    2. If using Microsoft 365, validate SPF format For Microsoft 365‑only email sending, the SPF record should include: v=spf1 include:spf.protection.outlook.com -all Adjust only if you have additional mail senders.

    Microsoft documentation :

    1. Set up SPF to identify valid email sources for your custom cloud domains - https://learn.microsoft.com/en-us/defender-office-365/email-authentication-spf-configure
    0 comments
  2. Q&A Assist
    2026-02-24T21:53:08.6633333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    If your SPF record changes are not reflecting after a week, there are a few things to consider:

    1. DNS Caching: DNS changes can be affected by caching at various levels, including DNS clients and recursive resolvers. Even if you've set a TTL of 60 minutes, some caches may hold onto the old record longer than expected.
    2. SPF Record Format: Ensure that your SPF record is correctly formatted. It should be created using the TXT record type, as the SPF record type is deprecated. An example of a correct SPF record is: v=spf1 include:spf.protection.outlook.com -all.
    3. Verification: After making changes, you can verify your SPF record using tools like nslookup. For example, you can run nslookup -q=TXT YourCustomDomain.com to check if your updated SPF record is listed.
    4. Registrar Updates: If you updated the SPF record at your DNS hosting provider, ensure that the changes were saved and propagated correctly. Sometimes, issues can arise if the updates were not applied properly.
    5. Subscription Issues: While you mentioned that you don't have a balance issue, ensure that your subscription is active and that there are no restrictions that might affect DNS updates.

    If the problem persists, consider reaching out to your DNS hosting provider for further assistance.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.