I am trying to write an SPF policy to be used to govern the creation and management of these records. Basically we have no standard for SPF and this has lead to spoofing and spam. Additionally marketing partners are using the domain to send email, instead of "marketing.domain.com. Fear is that this could lead to getting us black listed. So I need to say, here is our standard (the SPF record has be configured to...) and marketing partners cannot use the "domain.com" to send e-mail, instead they must use something like "marketing.domain.com.