Yes, you can rely solely on Sender Policy Framework (SPF) while implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC). However, it is important to ensure you pass SPF and are aligning correctly. If SPF fails and if you have a DomainKeys Identified Mail (DKIM) neutral result, your DMARC result will be designated a failure.

Return Path recommends you always sign DKIM on email so that if SPF fails, as it does during a forwarding event, DMARC is still able to pass.