Currently for the so called canonical domains (https://wikitech.wikimedia.org/wiki/HTTPS#For_the_Foundation's_canonical_domainnames) we have SPF records for 2/14 domains:
- wikipedia.org
- wikimedia.org
- wiktionary.org
- wikiquote.org
- wikibooks.org
- wikisource.org
- wikinews.org
- wikiversity.org
- wikidata.org
- wikivoyage.org
- wikimediafoundation.org
- mediawiki.org
- wmfusercontent.org
- w.wiki
If those 12 domains do not have a SPF record because they are not being used to send email then according to http://www.openspf.org/SPF_Record_Syntax they should have a SPF record forbidding sending email: v=spf1 -all" or they lack a proper SPF record like the one configured for wikipedia.org or wikimedia.org