 The last step on many mail servers would be enforcing the SPF record. Since we're on Office 365, it's automatically used by our ATP anti-fishing and ATP anti-spam policies that we already have in place. So there's no additional configuration that's really required. It is possible to create a transport rule that does some very specific things to block messages if they fail SPF. In most cases, it should not be required on Office 365. But if you are seeing issues, I would recommend contacting our support here at Protected Trust, and we can give you help with setting up that kind of transport rule in your exchange environment.