> Case in point: My own domain's outgoing mail flows are 100% DMARC
> compliant. Yet 94% of my endpoint mail *deliveries* fail DMARC, because
> they go through forwarders that are dropping DMARC, DKIM, SPF, or all
> three on the floor.

Then I think your DMARC policy would be incorrect, right?

If your policy says "reject if fail" but you choose to send to and through
forwarders that fail, then that is for sure your choice & responsibility,
right?

For me, when I receive, if you publish that policy, then I follow it.

Also for me, when I send, I expect that servers will follow my published
policy. If they don't and they break the mail, then I really do not care.

Here, I'm only interested that Postfix helps me make sure that my policies
are followed, whatever they are,
AND, as is the point of my OP, that I do that as efficiently as possible.