By blanket SPF record, I really just meant setting up an SPF record for every domain on the server. Some hosts have set up their DNS templates to automatically add an SPF records. However, this does not account for any circumstances where an account user using that domain, is using a different SMTP server to send out mail. This is really what I was referring to as a blanket SPF record.
I must say, that I'm not really an SPF expert. Perhaps the blanket SPF record would not cause problems, someone who understands SPF and mailing protocols may be able to verify or dispute my theory.
If I am understanding SPF correctly, an SPF record of:
v=spf1 a mx ~all
This is basically saying that the IP associated with this particular domain (I'll call it domain.com for argument's sake) and the IPs associated with the MX records for this domain, are the only IPs that are allowed to send mail from this domain. This would work fine if everyone who sends mail from an @domain.com address uses mail.domain.com or domain.com as their outgoing mail server. But if you have, for example, Verizon as your ISP and you are using mail.verizon.net as your ougoing mail server to send out mail from an @domain.com address, then any system that checks SPF (i.e. Gmail, Hotmail, AOL, etc) would view this message as a likely spam message, because the sending source is not listed in the SPF record. Now just how much weight is put on this failed SPF lookup remains to be determined. I'm not sure if Gmail really puts a lot of weight on it, but I do know they check for SPF.
Hope this helps.