A receiver may decide to override the policy that you have specified in your DMARC record.
An example is when you have a policy of reject (p=reject) and the email you send goes through a mailing-list which breaks both SPF and DKIM. In this case DMARC will fail, however the receiver may decide to override your policy and accept the email. Some of the common DMARC overrides are described below:
forwarded: Message was relayed via a known forwarder, or local heuristics identified the message as likely having been forwarded. There is no expectation that authentication would pass.
local_policy: The Mail Receiver's local policy exempted the message from being subjected to the Domain Owner's requested policy action.
mailing_list: Local heuristics determined that the message arrived via a mailing list, and thus authentication of the original message was not expected to succeed.
other: Some policy exception not covered by the other entries in this list occurred. Additional detail can be found in the PolicyOverrideReason's "comment" field.
sampled_out: Message was exempted from application of policy by the "pct" setting in the DMARC policy record.
trusted_forwarder: Message authentication failure was anticipated by other evidence linking the message to a locally-maintained list of known and trusted forwarders.
Source: “Descriptions of the PolicyOverrideTypes”
Some of the above overrides can be found in the Delivery tab under the Reports section of OnDMARC. This is the section where we break down the reasons for delivery of your emails.