What use is SPF for email security in a cloud / SaaS world
I've just set up sending emails from my domain with Google Workspace, and have just learned about SPF, DKIM, and DMARC. I'm wondering, what use is SPF in the modern internet? Probably half the internet is already sending emails from a Google IP address, and if they aren't, it's trivial for them to start. And as I understand it, DMARC passes if SPF or DKIM pass, which only makes it as strong as the weaker of the two.
What am I missing here? Thanks.
I agree that half or more of worldwide email is probably sent through shared infrastructure, including ISPs, freemail providers (Google, Yahoo, and Microsoft), and multi-tenant cloud providers (especially the corporate options from Microsoft and Google).
As the Forward Pass paper proved, SPF does not work with shared infrastructure. It does, however, work fine with dedicated IPs. This can alleviate the need to set up DKIM on a less important (but still secured) server that just sends mail with cron jobs and other operational contexts.
I suggest an SPF record like v=spf1 a:www.example.com ?include:_spf.google.com ~all where www.example.com is a (non-shared!) non-mail server that happens to send some cron jobs but doesn't have DKIM set up. The entry's ?include means its included entries are SPF-neutral (not passing, not failing). Anything sent through Google should be DKIM-signed, so it should pass DMARC just fine, but don't forget to verify that before enabling a DMARC p=reject policy!
(Having an empty SPF record, or worse, one that denotes the shared infrastructure you've intentionally omitted should be failed or soft-failed, is harmful to your ability to deliver mail. I do not recommend those paths.)
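To make the evaluation order in the answer above concrete, here is an added worked example (my own code, not part of the answer or of any real verifier) that walks a small SPF evaluator and a DMARC alignment check over the suggested record. Everything is assumed or constructed: FAKE_DNS stands in for DNS so it runs offline, the addresses are from the RFC 5737 documentation ranges, the _spf.google.com record is a made-up one-line stand-in, the evaluator covers only the a / ip4 / ip6 / include / all mechanisms of RFC 7208, DKIM cryptography is out of scope (the caller states whether a signature verified), organizational domains are approximated by the last two labels instead of a Public Suffix List lookup, and a DMARC record with p=reject is assumed to be published. A second domain, lax.example, carries the same record with the default "+include" so the two outcomes can be compared.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (RFC 5737 addresses).
# The _spf.google.com entry is a simplified, made-up record, not Google's real one.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 a:www.example.com ?include:_spf.google.com ~all"],
    ("www.example.com", "A"): ["203.0.113.10"],
    ("_spf.google.com", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
    # Same layout, but with the usual '+' include, for comparison.
    ("lax.example", "TXT"): ["v=spf1 a:www.example.com include:_spf.google.com ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return FAKE_DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    recs = [r for r in lookup(domain, "TXT") if r.lower().split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None  # zero or several records: treat as no usable record


def check_spf(client_ip, domain, depth=0):
    """Subset of RFC 7208: a, ip4/ip6, include, all, with the four qualifiers.
    Mechanisms are tried left to right; the first match decides the result."""
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = any(ipaddress.ip_address(a) == addr for a in lookup(arg or domain, "A"))
        elif name == "include":
            sub = check_spf(client_ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"  # include matches only when the included check passes
        else:
            return "permerror"  # mx, ptr, exists, redirect= are not implemented here
        if matched:
            return QUALIFIERS[qualifier]  # '?include' therefore yields neutral, not pass
    return "neutral"  # nothing matched and no 'all'


def org_domain(domain):
    # Simplification: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().split(".")[-2:])


def dmarc(header_from, spf_result, spf_domain, dkim_result, dkim_domain, policy="reject"):
    """Relaxed alignment: DMARC passes if EITHER an aligned SPF pass or an aligned DKIM pass exists."""
    spf_ok = spf_result == "pass" and org_domain(spf_domain) == org_domain(header_from)
    dkim_ok = dkim_result == "pass" and dkim_domain is not None \
        and org_domain(dkim_domain) == org_domain(header_from)
    return "pass" if (spf_ok or dkim_ok) else policy  # policy assumed published as p=reject


def evaluate(client_ip, mail_from, header_from, dkim_domain=None, dkim_valid=False):
    """DKIM verification is out of scope: the caller says whether a signature by
    dkim_domain verified. Returns SPF result, DKIM result and DMARC disposition."""
    spf = check_spf(client_ip, mail_from)
    dkim = "pass" if (dkim_domain and dkim_valid) else "none"
    return {"spf": spf, "dkim": dkim, "dmarc": dmarc(header_from, spf, mail_from, dkim, dkim_domain)}


# Constructed scenarios: (label, client IP, MAIL FROM domain, From: domain, DKIM d=, DKIM verified)
SCENARIOS = [
    ("cron job from dedicated host, no DKIM", "203.0.113.10", "example.com", "example.com", None, False),
    ("legit mail via Google, DKIM-signed", "198.51.100.25", "example.com", "example.com", "example.com", True),
    ("spoof via another Google tenant, no DKIM", "198.51.100.25", "example.com", "example.com", None, False),
    ("spoof from unrelated host", "192.0.2.77", "example.com", "example.com", None, False),
    ("spoof via Google against '+include' record", "198.51.100.25", "lax.example", "lax.example", None, False),
]


def run_scenarios():
    return {label: evaluate(*args) for label, *args in SCENARIOS}


if __name__ == "__main__":
    for label, r in run_scenarios().items():
        print(f"{label:45s} spf={r['spf']:8s} dkim={r['dkim']:5s} dmarc={r['dmarc']}")
```

The last two rows are the point of the comparison: with "?include", a message sent from the shared Google range without your DKIM signature lands at SPF neutral, so DMARC falls through to DKIM and rejects it; with the default "+include", the same message passes SPF, and because DMARC needs only one aligned pass, it is accepted as yours. The dedicated host in the first row still gets a clean SPF pass (and hence a DMARC pass) with no DKIM at all.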