Some of my customers DMARC policies are rejecting emails from my Syncro Tickets

Hi all. I'm going to be brutally honest, I only learned about DMARC recently but have always had SPF and DKIM configured for myself and clients (as I'm a small IT shop). Here's the story, my DMARC policy is set up like this: Type: TXT Host/Name: _DMARC.website.com Value: v=DMARC1; p=quarantine; rua=mailto:email@website.com; ruf=mailto:email@website.com; fo=d:s; pct=100; ri=7; adkim=r; aspf=r My SPF record is set up like this: v=spf1 include:_spf.google.com +ip4:168.245.102.208 ~all What confuses me is if my SPF policy includes obviously my primarily mail server (Google Workspace in this instance), but an IPv4 address, which is utilized by Syncro Service where tickets are emailed from, clients messages sometimes get rejected and caught as SPF fraud (specifically on some of the ProofPoint mail protection services). Is this because the mail may be sending from alternative IP's that Syncro mail servers use? Should I be using "email.syncroemail.com" instead of the IPV4 in my SPF record? Would this resolve my issues with emails being rejected thinking they don't have authorization to send on my domains behalf? Any help would be appreciated.