I haven’t looked into what should happen to a message that is forwarded but I find this quite an interesting entry in a recent aggregation report. Why should this email (and I obviously have no idea what it is) be handled this way? The IP is an MX of synapse.ne.jp which has a neutral SPF policy (if that matters).
<record>
<row>
<source_ip>202.208.174.114</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
<reason>
<type>forwarded</type>
<comment>looks forwarded, not quarantined for DMARC</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mrp.net</header_from>
</identifiers>
<auth_results>
<spf>
<domain>mrp.net</domain>
<result>fail</result>
</spf>
</auth_results>
</record>