Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing), a technique often used in phishing and email spam.
The DMARC entry can be queried via dig +short TXT _dmarc.$domain
This is btw the most common dns configuration mistake I found. People have a SPF entry but no DMARC (or have it set to "none")