Partial SPF fails in most DMARC reports

Questions:
Why <spf>fail</spf> in the 'policy evaluated' section (far below)?
Do I need our spf record to 'include' a domain of yours as well as the current reference to ip4:148.105.8.0/21 CIDR address block we currently have published?

Is it possible you to include a sender and envelope_from identifier set to match the header_from identifier?  We are getting mismatches between envelope_from and header_from reported in Dmarc reports such as Outlook.

Is there ANYTHING we could adjust in our DNS to improve evaluation of a record like this?

DMARC report from Outlook email host ending May 1, 2024

<record>

   <row>

     <source_ip>208.75.123.114</source_ip>

     <count>88</count>

     <policy_evaluated>

       <disposition>none</disposition>

       <dkim>pass</dkim>

       <spf>fail</spf>

     </policy_evaluated>

   </row>

   <identifiers>

     <envelope_to>hotmail.com</envelope_to>

     <envelope_from>in.constantcontact.com</envelope_from>

     <header_from>ecarebehavioralinstitute.com</header_from>

   </identifiers>

   <auth_results>

     <dkim>

       <domain>ecarebehavioralinstitute.com</domain>

       <selector>ctct1</selector>

       <result>pass</result>

     </dkim>

     <dkim>

       <domain>auth.ccsend.com</domain>

       <selector>1000073432</selector>

       <result>pass</result>

     </dkim>

     <spf>

       <domain>in.constantcontact.com</domain>

       <scope>mfrom</scope>

       <result>pass</result>

     </spf>

   </auth_results>

 </record>