When a DMARC policy is set to have policy p=reject : what is the exact scenario under which the DMARC-aware receiving server actually does reject the message?
1. DKIM and SPF fails
2. Only DKIM fails
3. Only SPF fails
In brief, the answer is 1. Both must fail for rejection.
if *either* DKIM or SPF pass and are correctly aligned, then the DMARC policy is a 'pass', the p=reject will not be in force.
On the flip side, if either fail, then Agari gets details reported to us if your DMARC reporting addresses point to us and the receiving service supports the standard.