Issue
Email Delivery from Acquia servers does not work when domain has a DMARC record.
v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com
which includes
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. This standard uses Sender Policy Framework, (SPF) and DomainKeys identified mail (DKIM) to ensure an email was authorized by the owners of the domain.
Resolution
If the DMARC record policy is anything other than "p=none;" email from Acquia Email servers will fail. Acquia recommends the use of a third party email service if the use of DMARC is required.
Cause
Acquia email servers only support SPF. Because DMARC implies the domain also uses DKIM, email messages sent from Acquia email servers will fail the test. Follow our instructions on setting up SPF records to mark Acquia as a valid sender of email.
The DMARC record for a domain will specify what action to take if an email fails. It will either specify 'none', 'quarantine', or 'reject'.
'None' will allow email that fails to go through. 'Quarantine' will place all mail that fails in quarantine. 'Reject' will bounce failing email back to the sender.
Here is an example DMARC record:
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:xxx@example.com
v=DMARC1;
This states that this is a DMARC record.
p=reject;
Is the policy statement and this indicates what action should be taken for failures.
rua=mailto:xxx@example.com
This address is used to aggregate feedback.