is ispconfig being too strict about DMARC configuration? i have a client who is using office365/exchange for their email, they're using avgcloud.net as mx servers, to receive and spam filter incoming mail in front of office365. they also have an aws setup, and are sending out mail from the same domain through amazon SES. i have office 365 and amazon SES correctly configured in their SPF record. they have someone they send mail to complaining that the mail sent to them through amazon SES is getting caught by their spam filtering, and pointing the finger at the lack of DKIM and DMARC records. my client is not yet ready/sure how to enable dkim in SES or office365, but want dmarc setup using just SPF. so their is currently no dkim selector, no DKIM private key has been generated, their is no public key, and no DKIM dns record. which according to everything i can find online, should be perfectly fine. maybe not as effective, but certainly should be do-able. however i can't configure it in ispconfig. i'm setting the receiver policy as none, valid email addresses for aggregate data and forensic data reporting, selecting only 'generate report if spf failed' for forensic reporting options, and DKIM and SPF identifier alignments are both set to relaxed. but whenever i try to save these DMARC settings, the only response i get from ispconfig is 'no active DKIM record'. i should be able to create a dmarc record even without a dkim record.