No changes are required to your domain's SPF record to use Envoke.
SPF is used to validate the "envelope" address on an email message. This address is distinct from the "from" address displayed to recipients. All messages sent through Envoke use an Envoke envelope address, and we manage the SPF record for its domain. This means you can send messages through Envoke, using your own domain in the "from" address, without adding Envoke's servers to your SPF record.
SPF records and forwarded messages
Our Return-Path header (AKA: envelope sender) is lists.bettermail.ca which is the address that is being verified by SPF records.
smtpX.mailsender04.com is the name for some of our SMTP servers, this however is not being verified by SPF records.
Our SPF records for bettermail.ca allow sending from all of our IP ranges.
See the following sample SPF pass header from Gmail for example.
spf=pass (google.com: domain of firstname.lastname@example.org designates 220.127.116.11 as permitted sender) email@example.com
The problem with some forwarded emails is that the destination still checks the SPF records of the original sender (our Return-Path header).
Since the IPs of the forwarding server are not in our SPF records it will be rejected by the destination server due to our SPF policy which was previously set to a hard fail "-all".
This really is not a problem with the SPF records but how the forwarding is done.
Please see http://www.openspf.org/SRS or http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme for help in implementing the Sender Rewriting Scheme.
Our SPF records will allow forwarded messages to be classified as a soft SPF fail instead of the original hard SPF fail.