http://www.openspf.org/FAQ/Common_mistakes
http://www.kitterman.com/spf/validate.html
example.com. IN TXT "v=spf1 mx -all"
electronics.com 1 TXT v=spf1 a:backup.co.uk a:mail.a.co.uk a:smtp.id.net a:smtp-out.id.net a:mail.it.com ~all
Publish null SPF records for your domains that don't send mail
Once you've protected your mail sending domains with SPF, if someone is trying to spoof you, then first thing they will try is to spoof your non-mail sending domains. Publishing "v=spf1 -all" says that a domain sends no mail. As an example, you might publish:
example.com. IN TXT "v=spf1 a:mail.example.com -all"
mail.example.com. IN TXT "v=spf1 a -all"
www.example.com. IN TXT "v=spf1 -all"