SPF is one of the three pillars of email authentication (alongside DKIM and DMARC). It's a single TXT record in your domain's DNS that tells receiving mail servers: "these IP addresses and hostnames are allowed to send mail claiming to be from me; if you see mail claiming to be from me from somewhere else, treat it as suspicious."
A typical SPF record:
v=spf1 include:_spf.google.com include:hostedemail.com ~all
Breakdown: v=spf1 = SPF version, include: = "also allow whatever these external policies allow", ~all = "soft-fail anything else (mark as suspicious but deliver)".
Modusdom configures SPF automatically when you provision a mailbox through us. If you self-host or use a different mail provider, you write the record yourself in your DNS zone.