Nameservers point hosts and domains to the appropriate IP addresses through what are called "A" records. If the host you are creating SPF data for has an A record pointing it to an IP, which most should, and the machine at that IP sends email for the domain, you should include "a" on its own within the SPF data. For the sake of the example let's assume that you have opted to use the "softfail" option for the default mechanism. At this point the SPF data would be as follows:

This would allow only the server at the IP your domain points to to send email for the domain, any other email would be flagged as having failed the SPF check.

You can also use the "a" mechanism to point to servers outside your domain by including the specific domain or hostname you want to send from. For example, if you also send email through a specific server, mail.server.com for example, you would enter a:mail.server.com in the SPF data. That would only be a match if the email came from the exact IP that hostname is pointed to, so if there was a cluster of mailservers there, you would want to specify the CIDR block which includes that group of IPs. In this case the SPF data might look like: