I am shocked the ESG product does let you reject email based on SPF hard fail. It lumps the option in with a soft fail which really makes the feature worthless. Dropping emails based on SPF soft fails is a very bad idea and is going to cause a tremendous amount of problems. This is something I would like to see changed. These options need to be separated.
Perhaps this has already been discussed, if so I apologize.