Just as an update.
I tweaked the SPF TXT entry to:
"v=spf1 a:_spf.clearbooks.co.uk a:spf.protection.outlook.com -all"
and still the warning comes up on emails.
Just a bit of history, I tweaked the CB setting from SMTP delivery to use my SMTP server using my credentials, hoping this would reduce the number of emails arriving in clients spam and not being paid on time. I believed that asking CB to log onto my SMTP would negate trust issues. But it seems for some reason, Microsoft don't trust you login in as me and suggesting perhaps you've stolen my credentials?!
So I have reverted to you delivering my emails directly, and thus using the current SPF TXT entry, and as before I switched, I do not see any more warnings. But, and time will tell, too high a number may end up in spam folders.
So it seems, that allowing you to send email directly using SMTP, emails are sent directly to the Mail Host as defined by MX records, and these hosts are checking SPF records and allowing the email in. But, potentially, using various black lists and heuristics, are marking email as spam, or perhaps the local email client is - hard to tell.
Sending emails using my credentials however, it seems Microsoft are the agent handling the receiving (from you) and 'passing on' to the client MX host. And in doing so, they don't check SPF records, and interpret your email as 'curious'.
Does that make sense?