Should I add an SPF record for a Website that sends email

I have a hosted website that send email messages on behalf of our company from their local mail server. These messages are generated when customers fill out forms on the website and then they get a confirmation email showing sent from “ourdomain” even though it is really coming from “theirdomain”. Should I add “” into my SPF record? Or would this just be opening up a hole for other spoofed email messages?

I want to make sure that email coming from this website server does not get blocked when I set the system to quarantine or deny.

Thanks in advance for your thoughts on this.


Insufficient info given, so cannot advise . Try filling out a form on the website, and then analyze headers, esp. Authentication Results in the confirmation email.