In the HES/TMEMS tracking logs you observe that some emails are deleted by the SPF rule.
Take note of the sender domain and the IP address that sent the message and verify if the IP address is allowed to send emails from that particular domain by checking its TXT records. You can use, for example, the following command to verify the txt records for a particular domain:
nslookup -q=txt sender-domain.com
By default, HES/TMEMS will delete an email if the sender IP address is not included in the sender domain TXT records and if the the policy is set to hard-fail (-all)
If the IP address is not included in the TXT records and it is a legitimate email, contact the sender of the email so they can fix their SPF records, by either adding the IP address to the records or changing the policy to other than hard-fail (e.g. ~all for soft-fail)