TLDR: Add include:relay.mailbaby.net ip4:MAIN_SERVERIP_ADDRESS to your DNS spf record.
Note: The server connecting IP should be added to the spf record. Directadmin and cPanel servers default spf include the main ip of the server. While email delivery when using mailbaby will not use this IP, mailbaby servers will look at the SPF record to ensure the connecting server is authorized to send email for the specific domain.
SPF (Sender Policy Framework) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain. Adding SPF will help prevent email spoofing and aid in delivery (gmail as an example may not accept email that it considers unauthorized – no spf/dmarc/dkim).
A basic spf record may look like
“v=spf1 a mx include:relay.mailbaby.net ~all”
This record would allow:
the ip addresses the root domain points to (A record)
the ip addresses of the MX records
All the records in the TXT record of relay.mailbaby.net
There is a limit to the amount of dns lookups an spf record can have, and having multiple spf entries could reach the limit. It is recommended to test the changes using https://www.dmarcanalyzer.com/spf/checker/ or similar to ensure the spf is valid.