SES sometimes let's mail through with a passing spam verdict, but a DMARC fail. I think we should consider all DMARC fails spam - in my experience the majority are, and legitimate but misconfigured mail is relatively rare. (And if it's misconfigured, surely the 'spam' tag making you slightly more alert to it being potentially untrustworthy is welcome.)
Also, probably no need for separate SPF/DKIM tags. An SPF fail can be perfectly valid with a DMARC (via DKIM) pass.
SES sometimes let's mail through with a passing spam verdict, but a DMARC fail. I think we should consider all DMARC fails spam - in my experience the majority are, and legitimate but misconfigured mail is relatively rare. (And if it's misconfigured, surely the 'spam' tag making you slightly more alert to it being potentially untrustworthy is welcome.)
Also, probably no need for separate SPF/DKIM tags. An SPF fail can be perfectly valid with a DMARC (via DKIM) pass.