SPF is a DNS record to tell other email servers that emails from the designated email servers are permitted. If emails are not originated from the mentioned email servers in the SPF, they are likely impersonated, not genuine or spam emails. At the end of the SPF statement, you will see these syntaxes – ~ ?, the common one is ~ follows by a like this ~a meaning ‘softfail’ marked the email and higher spam score if the email has violated SPF preset in the sender DNS record.
SPF is used to fight spam emails if the emails were sent from an unauthorized mail server with a probably compromised email account. It is easy to explain or interpret to a technical person. However, it is not the case for a non-tech person. For the last 20 years, I have seen many have sent emails using other email servers. These senders have more than 1 email account set in their email client application. Unknowingly, these senders sent out emails using another email server which is not authorized and eventually, the email is marked as spam or bounced.
SPF is effective to fight spam emails. But on other hands, an email can be marked as spam email mistakenly. I have mixed feeling on this. SPF set by the email server admin is used to fight spam emails, however, it can be a double-edged sword in this case. So, it is unsafe to use ‘-a’ but ‘~a’ softfail at least the email will not return in the event if the sender has used the wrong email server to send his or hers’ emails.