DMARC reports provide valuable information about unknown or threatening email sources that have sent emails on behalf of a domain, but lack SPF records or DKIM signatures. The main goal is to convert these legitimate sources into being part of the domain's SPF record or having a DKIM signature, which can be a time-consuming process. However, it's recommended to monitor DMARC reports for an extended period before setting a reject policy, as this allows for the identification and conversion of unknown sources. A key aspect of DMARC is that a message only needs to meet one of two criteria (DKIM or SPF) to be aligned with DMARC, not both, which can help resolve issues with SPF records being invalidated in transit. By covering sources with both SPF and DKIM when possible, it's possible to maintain alignment even if the SPF record is compromised.