The question is slightly unclear: you say you have multiple webservers, but you don't say that you have multiple servers serving your naked domain name's website (eg, http://example.com) and that all of them are returned when you look up the naked domain name. Provided the latter is true, yes, you can do what you propose: a
on its own (or +a
, for they are equivalent) translates to permit all the IP addresses that are returned when I resolve the naked domain name of the address in question.
As for mixing a
and include
, this is also fine. Again, as the canonical answer makes clear, if either the a
or the include
provides grounds for acceptance, the policy will recommend acceptance of the email; otherwise, processing will continue on the rest of your record, eventually ending up with your default policy.
May I add in passing that there is no point in doing SPF if you're going to leave the policy as ~all
? It's covered in more length in our canonical answer, but the short version is that nobody cares which IP addresses are allowed to send mail from your domain. We only care which addresses are not allowed to send it, so we can drop email from those. Some local admins even consider a policy of ~all
a sign of spam, and weight their mail filters accordingly.