 There's a few steps that you need to perform in order to implement SPF on Office 365. The first thing that you do is collect a list of all the sources that you use to send email from your domain. After that, you want to compile those sources into an SPF record. Then you want to validate the SPF record using an online tool just to make sure that it is valid before you publish it. The next step, of course, is publishing that record in DNS. The last thing that you want to do is enforce it, though in Office 365 it's kind of enforced by default, so it isn't something that we really have to worry too much about.