SPF failure occurs when the sender IP address is not found in the SPF record. This means the email is sent to spam or discarded.
If DMARC is not implemented :-
SPF Softfail (~all) – The tilde “~” in front of “all” means that any servers not listed in SPF record should be treated as a softfail, ie. mail can be allowed through but should be tagged as spam or suspicious by the receiving mail server.
SPF Softfail example:
v=spf1 include:_spf.google.com ~all
In this case the include:_spf.google.com authorizes Google to send emails. Any emails originating from different servers should be marked as spam by the receivers mail servers.
SPF Hardfail (-all) – The minus “-” in front of “all” means that any senders not listed in SPF record should be treated as a hardfail. This means they are unauthorized senders and emails from them should be discarded by the receivers.
SPF Hardfail example:
v=spf1 ip4:192.168.10.8 -all
In this case only the IP address 192.168.10.8 is authorized to send emails on behalf of the domain.
If DMARC is implemented :-
DMARC ignores the nuances of softfail and hardfail in your SPF configuration i.e. ~all and -all are treated equivalently as a SPF fail.