SPF stands for Sender Policy Framework, a method by which the administrator of a domain explicitly specifies which mailservers are allowed to send mail for that domain. As this is just a TXT record that is put into the domain's DNS zone file, the setup is fairly straightforward. A very basic SPF record for mydomain.com might look like this:
mydomain.com IN TXT "v=spf1 a mx ~all"
The above specifies that this is an SPF record for mydomain.com:
v=spf1 – a required header that indicates this is an SPF record
a – the address in the A record for mydomain.com is allowed to send email
mx – the hosts named in the MX records for mydomain.com are allowed to send email
~all – mail from any other mailserver gets a result of “softfail”. The mail will still go through, but it will be treated as suspect
If you wish to allow another server, with the hostname mail2.mydomain.com, to send mail, you would modify the record thusly:
mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com ~all"
Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:
mydomain.com IN TXT "v=spf1 a mx a:mail2.mydomain.com -all"
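To see how a receiving server reads these records, here is an added example (not part of the original page) that evaluates a sender IP against the records above, left to right with the first match winning. The DNS answers and IP addresses are constructed, and only the mechanisms shown on this page (a, mx, a:host, all) are handled.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation IP ranges).
DNS = {
    ("mydomain.com", "A"): ["192.0.2.10"],
    ("mydomain.com", "MX"): ["mail.mydomain.com"],
    ("mail.mydomain.com", "A"): ["192.0.2.25"],
    ("mail2.mydomain.com", "A"): ["198.51.100.7"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_addrs(host):
    """Return the set of addresses in the (constructed) A records for host."""
    return {ipaddress.ip_address(a) for a in DNS.get((host, "A"), [])}

def check_spf(record, domain, sender_ip):
    """Evaluate sender_ip against an SPF record; supports a, mx, a:<host>, all."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A leading +, -, ~ or ? is the qualifier; with none given it is "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        target = arg or domain  # "a" and "mx" default to the domain being checked
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in a_addrs(target)
        elif name == "mx":
            matched = any(ip in a_addrs(mx) for mx in DNS.get((target, "MX"), []))
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides the result
    return "neutral"  # nothing matched and the record has no "all" term

SOFT = "v=spf1 a mx ~all"
HARD = "v=spf1 a mx a:mail2.mydomain.com -all"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "198.51.100.7", "203.0.113.99"):
        print(ip, check_spf(SOFT, "mydomain.com", ip), check_spf(HARD, "mydomain.com", ip))
```

Note that mail2's address only gets a softfail under the first record, which is why it has to be listed explicitly before switching to -all.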