It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures.So, if a domain has a strict DMARC policy, and a user tries to send from an email they don't have permission to, it can bounce due to DMARC.
I had an instance recently where a customer had white labelling set up for domain "A" but not for domain "B". They tried to send an outreach using a from email with domain "B" that had DMARC set up and all of the emails bounced.
If the customer catches this, they need to either remove all the bounces manually or reach out to us in order to clear them from the backend.
Since I don't believe simply not blacklisting emails bouncing due to DMARC is the answer, I was thinking of some sort of bounce dashboard or notification when a DMARC bounce is found within the event message.
Another crazy thing, if one of our customers sends to an email and it bounces due to DMARC, and then another customer tries to send to them and the email would be successful, it will be skipped since it is on our global bounce list from the other customer. So, we are punishing someone for another customers mistake.
