You need to have separate SPF records for each subdomain you wish to send mail from.
The following was originally posted on openspf.org, which used to be a great resource for this kind of thing.
Latest link http://www.open-spf.org/FAQ/The_demon_question/
The Demon Question: What about subdomains?
If I get mail from
pielovers.demon.co.uk, and there's no SPF data for pielovers, should I
go back one level and test SPF for demon.co.uk? No. Each subdomain at
Demon is a different customer, and each customer might have their own
policy. It wouldn't make sense for Demon's policy to apply to all its
customers by default; if Demon wants to do that, it can set up SPF
records for each subdomain.
So the advice to SPF publishers is this: you should add an SPF record
for each subdomain or hostname that has an A or MX record.
Sites with wildcard A or MX records should also have a wildcard SPF
record, of the form: * IN TXT "v=spf1 -all"
This makes sense - a subdomain may very well be in a different geographical location and have a very different SPF definition.
The 'include:' directive for SPF may be used to provide all subdomains with the same entries. For example, on the SPF record for subdomain mailfrom.example.com enter 'include:example.com'. In this fashion whenever you update the definition for example.com your subdomains will automatically pick up the updated values.