Merge branch 'main' into Prefs-chrisda

chrisda · chrisda · commit dd362030efd7 · 2025-04-15T08:41:04.000-07:00
diff --git a/defender-office-365/advanced-delivery-policy-configure.md b/defender-office-365/advanced-delivery-policy-configure.md
@@ -524,7 +524,7 @@ This example modifies the (presumably only) phishing simulation override rule wi
 These changes don't affect existing entries in the rule.
 
 ```powershell
-Get-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55
+Get-ExoPhishSimOverrideRule| Set-ExoPhishSimOverrideRule -AddSenderDomainIs blueyonderairlines.com -RemoveSenderIpRanges 192.168.1.55
 ```
 
 For detailed syntax and parameter information, see [Set-ExoPhishSimOverrideRule](/powershell/module/exchange/set-exophishsimoverriderule).
diff --git a/defender-office-365/email-authentication-spf-configure.md b/defender-office-365/email-authentication-spf-configure.md
@@ -5,7 +5,7 @@ f1.keywords:
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 1/29/2024
+ms.date: 04/15/2025
 audience: ITPro
 ms.topic: how-to
 
@@ -68,7 +68,7 @@ The rest of this article describes the SPF TXT records that you need to create f
 
 SPF TXT records are exhaustively described in [RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208).
 
-The basic syntax of the SPF TX record for a custom domain in Microsoft 365 is:
+The basic syntax of the SPF TXT record for a custom domain in Microsoft 365 is:
 
 ```txt
 v=spf1 <valid mail sources> <enforcement rule>
@@ -181,6 +181,8 @@ Important points to remember:
 
 - **One SPF record per domain or subdomain**: Multiple SPF TXT records for the same domain or subdomain cause a DNS lookup loop that makes SPF fail, so use only one SPF record per domain or subdomain.
 
+- **Time to live (TTL)**: We recommended a minimum TTL value of 3600 seconds (one hour) on SPF TXT records to avoid DNS lookup timeouts.
+
 - **Less than 10 DNS lookups**: When destination email systems query the SPF TXT record for valid sources for the MAIL FROM address domain, the query scans through the IP addresses and `include:` statements in the record until the message source (ultimately, an IP address) matches one of the specified sources. If the number of DNS lookups (which can be different than the number of DNS _queries_) is greater than 10, the message fails SPF with a permanent error (also known as a `permerror`). The destination email system rejects the message in a non-delivery report (also known as an NDR or _bounce message_) with one of the following errors:
   - The message exceeded the hop count.
   - The message required too many lookups.
diff --git a/defender-office-365/submissions-user-reported-messages-custom-mailbox.md b/defender-office-365/submissions-user-reported-messages-custom-mailbox.md
@@ -190,7 +190,7 @@ When **Monitor reported messages in Outlook** is selected and you also select **
     For more information, see [Automatic user notifications for user reported phishing results in AIR](air-user-automatic-feedback-response.md).
 
   - **Customize sender and branding** section:
-    - **Specify a Microsoft 365 mailbox to use ads the From address of email notifications**: Select this option and enter the sender's email address in the box that appears. If you don't select this option, the default sender is `submissions@messaging.microsoft.com`.
+    - **Specify a Microsoft 365 mailbox to use as the From address of email notifications**: Select this option and enter the sender's email address in the box that appears. If you don't select this option, the default sender is `submissions@messaging.microsoft.com`.
     - **Replace the Microsoft logo with my organization's logo across all reporting experiences**: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, follow the instructions in [Customize the Microsoft 365 theme for your organization](/microsoft-365/admin/setup/customize-your-organization-theme) to upload your custom logo.
 
 - **Report from quarantine** section \> **Allow reporting for quarantined messages**: Verify that this setting is selected to let users report messages from quarantine as they [release quarantined email messages](quarantine-end-user.md#release-quarantined-email). Otherwise, uncheck this setting.
diff --git a/defender-office-365/zero-hour-auto-purge.md b/defender-office-365/zero-hour-auto-purge.md
@@ -200,7 +200,7 @@ ZAP actions might be overridden by [Safe sender lists](create-safe-sender-lists-
 - The MX record for your Microsoft 365 domain points to another service or device, and you use a mail flow rule to [bypass spam filtering](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl) (high confidence phishing).
 - [Admin submissions of false positives to Microsoft](submissions-admin.md#report-good-email-to-microsoft). By default, allow entries for domains and email addresses, files, and URLs exist for 30 days (malware and high confidence phishing).
 
-It's important for you to carefully consider the implications of bypassing filtering, as it could compromise the security posture of your organizatione.
+It's important for you to carefully consider the implications of bypassing filtering, as it could compromise the security posture of your organization.
 
 ### What are the licensing requirements for ZAP?
 
