David,
I would not recommend including IP addresses of third-party email servers when they maintain an SPF record. You would?not be informed?if or when they change.
We use the following for our SPF record:
"v=spf1 mx a ip4:[redacted] ip6:[redacted] include:spf.protection.outlook.com include:groups.io -all"
Incidentally, our DMARC record is configured as follows:
"v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=r; rua=mailto:[redacted]"
We learned it is important to have "aspf" set to relaxed for acceptance of "send on behalf" messages. Note that issues can still occur but this is the best compromise we could effect.
--
Jim
Jim Wilson