This thread has prompted me to look at my opendmarc log records - these cover all incoming mails to my mailservers, not only those from senders that use dmarc. Helpfully, the logs show the pure spf test results; these actually come from policyd-spf which I run with 'defaultSeedOnly = 1' so it merely adds headers to be read by opendmarc and does not actually block anything.
I find that there are very few spf 'hard' fails [code 7] (34 out of >45000) and about half of these are clearly from legitimate senders with misconfigured spf. There is a higher level of softfails [code 2] (252) of which the vast majority are clearly from legitimate senders. I conclude that, for me, blocking on the basis of spf would have a negligible effect on my incoming spam and an unacceptable level of false positives. Obviously other people's mileage might vary.
