SPF, DKIM and DMARC are three independent features in Hosted Email Security. You can enable or disable those features based on your requirements.
The following are typical scenarios for your reference:
DMARC enabled only
Hosted Email Security performs its own SPF check and DKIM signature check before alignment check.
SPF check, DKIM verification and DMARC authentication enabled at the same time
Hosted Email Security checks the sender domain for each inbound email message. If a message does not pass the SPF check, the default action is to delete the message. If the message passes the SPF check, Hosted Email Security verifies DKIM signatures in the message. If the message does not pass DKIM verification, the message will be deleted, quarantined or delivered depending on the action configured. If the message continues to the next step in the delivery process, Hosted Email Security implements DMARC authentication on the message.