As of Q4 2023, Google and Yahoo are requiring DMARC to be set on the sender side, for many emails to be delivered. Some Office 365 tenants have exhibited similar behavior.
The following TXT record contents:
v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s
indicate that both DKIM and SPF are checked, and any email not satisfying both entirely, will be marked such that a spam filter should quarantine it. The =s means “strict”; there is a “relaxed” mode, =r, which allows subdomains. But if you have to allow for some email to be transmitted without DKIM, e.g. from a web site’s or application’s email generator, go with either this:
v=DMARC1; p=quarantine; pct=100; aspf=s
which does not look at DKIM; or if you must, this:
v=DMARC1; p=none
which is a kind of ‘null’ DMARC, it’s a placeholder such that DMARC exists, but doesn’t do anything. At least one cloud-application vendor is recommending this, but it’s far from clear how Google, Yahoo, and other machines will respond to it, either now or in the future.
To use the above, create a TXT record of name _dmarc
with chosen contents.
Some more info is here: