Sender Policy Framework (SPF) allows email administrators to reduce sender-address forgery (spoofing) by specifying which are allowed to send email for a domain. SPF is configured by adding a specially formatted TXT record to the DNS zone for the domain.
You can read a detailed explanation of how SPF works here.
It is recommended to implement SPF for your domains. Although adding SPF records to your domain does not directly help to prevent spam from being received by your organization, it does help other organizations to prevent spam email that is spoofing your domain. This in turn can help maintain the reputation of your email domain, and reduce the likelihood of your organization’s legitimate emails being rejected by other email systems, and can help reduce NDRs or bounce back messages from other email systems when spammers are spoofing your domain.
However, SPF is not always able to simply be turned on. A misconfigured SPF record can cause legitimate emails from your domain to be rejected by other email systems. So it is recommended to proceed with caution, taking care to audit all of the possible legitimate senders of email for your domain (including your Exchange/Exchange Online system, plus any external hosted systems that send email using your domain, such as email marketing or payroll systems).
You can also consider adding your SPF record as a “Neutral” or “Soft Fail” during the initial implementation period, before changing it to a “Hard Fail” once you are satisfied that your SPF record is accurately configured.