1. The “name” should be the top level domain, i.e. greyskymedia.com or @
  2. Always start the record with v=spf1
  3. Always allow the listed MX servers to send mail for the domain by including mx after v=spf1
  4. Add hostnames which are approved to send mail on behalf of the domain. This is similar to, but different from, relaying. For Proofpoint include a:dispatch-us.ppe-hosted.com
  5. List included domains/URLs which are approved to send on behalf, or “relay”, i.e. include:_spf.freshbooks.com to allow freshbooks.com to send emails. When including more than one relay domain, add a space after the last include URL and then start the next include, like this: include:_spf.freshbooks.com include:spf.mtasv.net. The second include is for postmark.com to send bulk email for a service we’re using.
  6. Choose to allow the website’s current IP to send email or to block it. To block, add nothing; to allow, add a to the record.
  7. Choose to let only the top level domain send email, i.e. greyskymedia.com, or to allow subdomains to send also, i.e. support.greyskymedia.com. Add nothing for top-level only; add ptr to allow subdomains.
  8. The last step is to define if we should either allow, notify or block senders who fail an SPF check. The options are:
    a. Neutral, mail will probably be delivered: ?all
    b. Soft Fail, will be accepted and marked as non-compliant: ~all
    c. Hard Fail, will be rejected: -all
  9. Strung together, the complete record for greyskymedia.com would be:
    v=spf1 mx a:dispatch-us.ppe-hosted.com include:_spf.freshbooks.com include:spf.mtasv.net include:emsd1.com ~all
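
The record from step 9 can be checked offline before it is published. The following Python is an added example, not part of the original procedure; the names parse_spf, lint_spf and PAGE_RECORD are illustrative. It goes beyond the steps above by counting the DNS-lookup terms that RFC 7208 limits to 10 and by flagging +all and ptr.

```python
import re

# Added example: offline lint of an SPF record string; no DNS queries are made.
QUALIFIERS = {"+": "pass", "-": "hard fail", "~": "soft fail", "?": "neutral"}
# Terms that cost one DNS lookup each; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?$", re.I)

# The complete record from step 9.
PAGE_RECORD = ("v=spf1 mx a:dispatch-us.ppe-hosted.com "
               "include:_spf.freshbooks.com include:spf.mtasv.net "
               "include:emsd1.com ~all")


def parse_spf(record):
    """Return a list of (qualifier, name, value) tuples for one SPF record."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    terms = []
    for token in tokens[1:]:
        match = TERM_RE.match(token)
        if not match or match.group(2).lower() not in KNOWN_TERMS:
            raise ValueError("unrecognised term: " + token)
        qualifier, name, value = match.groups()
        terms.append((qualifier or "+", name.lower(), value or ""))
    return terms


def lint_spf(record):
    """Return (policy, lookups, warnings) for an SPF record string."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    warnings = []
    policy = "redirect" if "redirect" in names else "neutral"
    if "all" in names:
        pos = names.index("all")
        policy = QUALIFIERS[terms[pos][0]]
        if any(n not in ("redirect", "exp") for n in names[pos + 1:]):
            warnings.append("mechanisms after all are never evaluated")
        if policy == "pass":
            warnings.append("+all authorises every sender")
    elif "redirect" not in names:
        warnings.append("no all term: unlisted senders get a neutral result")
    # Counts this record only; lookups inside included records add to the total.
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    if lookups > 10:
        warnings.append("more than 10 DNS-lookup terms: receivers return permerror")
    if "ptr" in names:
        warnings.append("ptr is slow and RFC 7208 says not to publish it")
    return policy, lookups, warnings
```

Calling lint_spf(PAGE_RECORD) returns the soft fail policy, five lookup terms and no warnings. The lookup count covers only the record itself, so each included domain's own record still has to fit within the same limit of 10.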