In rare cases, needed DMARC mitigations may not be applied.
If the Mailman server implements DNSSEC, it is possible that a DMARC policy record may not be retrieved because of a DNSSEC issue that may not affect a receiver of the message. Thus, to be safe, lookup failures like these should result in DMARC mitigation being applied.