SPF Hard fail vs Soft fail?

SPF failure occurs when the sender IP address is not found in the SPF record. This means the email is sent to spam or discarded.

If DMARC is not implemented :-

SPF Softfail (~all) – The tilde “~” in front of “all” means that any servers not listed in SPF record should be treated as a softfail, ie. mail can be allowed through but should be tagged as spam or suspicious. 

SPF Softfail example:
v=spf1 include:spf.protection.outlook.com ~all

In this case the include:spf.protection.outook.com authorizes Office 365 to send emails. Any emails originating from different servers should be marked as spam by the receivers.

SPF Hardfail (-all) – The minus “-” in front of “all” means that any senders not listed in SPF record should be treated as a hardfail. This means they are unauthorized senders and emails from them should be discarded.

SPF Hardfail example:
v=spf1 ip4: -all

In this case only the IP address is authorized to send emails.

If DMARC is implemented :-
DMARC ignores the nuances of softfail and hardfail in your SPF configuration i.e. ~all and -all are treated equivalently as a SPF fail.