We have some checks in place that will fail the trusted sender if there is a SPF_FAIL, SPF_SOFTFAIL, or DKIM_FAIL.
I tested this behavior on our server and these were the relevant headers.
X-SmarterMail-Spam: SPF_SoftFail, DKIM_None
X-SmarterMail-TotalSpamWeight: 3 (Trusted Sender - Contact, failed SPF)
The behavior you pointed out, was that on the latest release?