dkim soft fail

Last week I made a research on email deliverability:
How dmarc works with Google Mail and Office 365 in 2020

These results made me think that both Google Mail and Office 365
do not consider important if the DKIM signing domain is different from the sender,
as long as the message is authenticated with SPF, it will reach the inbox:

Google Mail Office 365
spf Pass - dkim diff - dmarc reject inbox inbox
spf Fail - dkim diff - dmarc reject dsn=5.0.0, stat=Service unavailable junk
spf SoftFail - dkim diff - dmarc reject dsn=5.0.0, stat=Service unavailable junk
spf Neutral - dkim diff - dmarc reject inbox inbox
spf none - dkim diff - dmarc reject dsn=5.0.0, stat=Service unavailable junk

I don’t know why I was convinced that both spf and dkim should refer to the same domain.
Searching on the internet I’ve found this on “Domain alignment”:

DMARC requires that at least one of the domains is authenticated by SPF or DKIM  
to "align with" the domain found in the "from" header address

In fact, SpamStop almost always gave the warning “dkim-diff”
to the messages coming from Google Mail and Office 365.

Now it has been fixed, I’ve called this behaviour “dkim soft fail”.
SpamStop dkim check - when the message has been signed using a different domain,
the “dkim-diff” alert will NOT be displayed if the sender (“from”) passes the SPF check.

The tester has also been updated: dkim check online
When this particular case happens, the result will show:
|~OK| spf-pass |~OK| dkim-diff |~OK|

Having both SPF and DKIM aligned with the from domain makes even more sense,
since the SPF check could be broken by email forwarding,
while DKIM signature remains unchanged, tied to the message.