Anti spoofing settings-DKIM and SPF

djhurt1

I'm confused on the expected behavior regarding DKIM and SPF failures. In our appliance we have SPF and DKIM validation enabled. SPF is set to Reject on hard fail and DKIM set to store in junk box on fail. Under DMARC settings we have Enable DMARC judgment for incoming messages (DMARC requires DKIM and SPF to be enabled) and  Enable DMARC Policy Enforcement for incoming messages. Does that mean we are ignoring/overriding the sending servers policies entirely even though we have "Enable DMARC Policy Enforcement" ticked? I'm a bit ignorant in this area.