Recently I found out that emails being sent from our server were getting a softfail on the SPF record. This meant our server wasn't actually allowed to send emails from @example.com. Some servers would mark these mails as spam.
After digging and pulling a few hairs I found out gmail was using our ipv6 address to validate the SPF record, so our original record didn't suffice.
A simple SPF record could look like this:
v=spf1 a mx -all
Which will validate all the "a" and "mx" records for the domain and disallow all others.
When using google apps the suggested record would be:
v=spf1 a mx include:_spf.google.com -all
And in our case we would use something like the following:
v=spf1 a mx ip4:xxx.xxx.xxx.xxx ip6:0000:0000:0000:0000:0000:0000:0000 -all
See the syntax for all possible modifiers and options.
Also, a few testing tools could come in handy.
Lastly, you could use gmail to see if it passes the SPF check. Just open the original for an email and look for a line which begins with "Received-SPF".