Actually SPF is just a text record, with some "hints" to let you know if an IP address or mail server is "allowed/Authorized" to send email for that domain. It doesn't tell you anything about an individual email address in that domain..
for example
[doon@qix:~] host -t txt labratsoftware.com
labratsoftware.com descriptive text "v=spf1 a -all"
The SPF record for one of my domains says that only the a record for the domain is authorized to send email for labratsoftware.com, and that if it doesn't come from that IP then it should be rejected (-all).
So the best you can do with SPF is tell that a received email came from an authorized host, and then use that information to help decide if you want to reject it or not.
The best way To test the validity of an email address you have, is to email it, and see if it bounces. You can use options like VERP (http://en.wikipedia.org/wiki/Variable_envelope_return_path) to automate the bounce handling. You can also try and connect to the MX records listed for the domain and try to deliver a message that way. Some Mail servers support verify (But most admins disable this to prevent information leakage). You can use RCPT TO to see if the server accepts it, but even if it does , you have no way of knowing if it will actually make it to their INBOX. My guess is that is what the API you are currently using is doing. And unknown are just ones that either don't answer, greylist, etc.