As mentioned above, I think it is due to the fact that SPF may be too broad, as in softfail SPF (defined here https://datatracker.ietf.org/doc/html/rfc7208#section-2.6.5).

Based on the RFC, for the rest of possible SPF configurations (more strict), SPF record would be enough. But I am guessing based on the RFC document and my experience.