The Autodiscover record is used by Outlook email clients to locate an Exchange mailbox server. In on-premises and Exchange hybrid environments, the Autodiscover record points to an on-premises Exchange server with either the Client Access Server role (Exchange Server 2010/2013) or the Mailbox/Client Access Server role (Exchange 2016/2019). In fully deployed Exchange Online environments, the Autodiscover record points to Exchange Online.
Further reading
The Autodiscover protocol has a lot of nuance and configurability, which you can learn about in detail here: https://aka.ms/autodiscover.
SPF
SPF is a DNS-based technology that domain owners configure to identify servers that are allowed to send as a particular domain. SPF records are formatted as text records, specifying the IP addresses and names of servers authorized to send on a domain’s behalf. SPF was first defined by RFC 4408.
Further reading
You can learn more about how Microsoft implements SPF records in Microsoft 365 here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-spf-configure.
DKIM
DKIM is another email verification technology. DKIM also uses a DNS. DKIM uses a form of public key cryptography to sign messages that are authorized to originate from your domain. DKIM was first introduced in RFC 4871, and later revised with RFCs 5585 and 6376.
Further reading
You can learn more about how Microsoft implements DKIM in Microsoft 365 here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dkim-configure.
DMARC
DMARC works in conjunction with SPF and DKIM to authenticate mail systems and specifies how to handle messages whose validation values don’t line up. DMARC provides instructions for receiving mail systems when a message fails SPF or DKIM checks. DMARC was first defined in RFC 7489.
Further reading
You can learn more about how Microsoft implements DMARC in Microsoft 365 here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dmarc-configure.
As you deploy to Exchange Online and Microsoft 365 services, implementing and updating these DNS records will help ensure mail flows to your environment and that other organizations can trust the validity of mail purporting to be from your domain(s).
Planning and implementing mail routing
Mail routing is the collection of processes that happens after a message has left the sender. Actions taken along the route may include examining for malware or spam, redirecting based on message properties, adding Carbon copy (Cc) or Blind carbon copy (Bcc) recipients, adding additional mail headers, encrypting or decrypting content, or even rejecting mail.