Sender Policy Framework (SPF) is a system for verifying that sending E-mail servers are permitted to send mail for a given domain. This system is designed to prevent spoofing by checking a particularly configured DNS record of the domain in the email address.
To configure SPF for your hosted Exchange domain, first ensure that your MX records are configured exactly as specified in the following knowledge-base article:
How do I configure my DNS for Exchange mail
Please note that if you configure your DNS incorrectly and enable SPF, you may not be able to send E-mail from your hosted Exchange.
Once your DNS has been configured, add the following TXT record:
"v=spf1 mx -all"
You can configure a hard-fail (-all) or a soft-fail (~all) by changing the last item in the record. You can also authorise other servers to be able to send on behalf of this domain by adding items to the SPF record in the format “ipv4:18.104.22.168” or “a:server.domain.com” before the “-all”. You can also include the SPF records for another domain by adding “include:another.domain.com”. For example:
“v=spf1 mx ipv4:22.214.171.124 a:mail.example.com include:another.domain.com -all”
This will allow sending from all Mail Exchangers configured in DNS and from 126.96.36.199 and mail.example.com. It will also import the SPF records for another.domain.com.
It is recommended that you only configure a soft-fail for testing purposes, and once you have confirmed that all of your mail sending scenarios are not mistakenly being rejected you switch to using a hard-fail (“-all”).
For more information on SPF, see the Wikipedia article. https://en.wikipedia.org/wiki/Sender_Policy_Framework