Tags: email, spf, dkim, dmarc

DMARC: ESPs host as sender in report


We're sending emails. We're sending thousands of emails per day because we have our customers who'd like to be informed by us (and we do have their consent ;) ).

And we've just enabled DMARC with p=none to see what will happen. And here it comes:

<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>Yahoo! Inc.</org_name>
    <email>postmaster@dmarc.yahoo.com</email>
    <report_id>report.id.here</report_id>
    <date_range>
      <begin>1545350400</begin>
      <end>1545436799</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>our-email-domain.tld</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>209.85.221.48</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>our-email-domain.tld</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>gmail.com</domain>
        <result>neutral</result>
      </dkim>
      <spf>
        <domain>gmail.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>212.227.15.3</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>our-email-domain.tld</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>srs.web.de</domain>
        <result>neutral</result>
      </dkim>
      <spf>
        <domain>srs.web.de</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>212.227.15.3</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>our-email-domain.tld</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>web.de</domain>
        <result>neutral</result>
      </dkim>
      <spf>
        <domain>web.de</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>OUR.MX.IP</source_ip>
      <count>175</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>our-email-domain.tld</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>our-email-domain.tld</domain>
        <result>neutral</result>
      </dkim>
      <spf>
        <domain>our-email-domain.tld</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>77.238.176.162</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>our-email-domain.tld</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>our-email-domain.tld</domain>
        <result>neutral</result>
      </dkim>
      <spf>
        <domain>our-email-domain.tld</domain>
        <result>softfail</result>
      </spf>
    </auth_results>
  </record>
</feedback>

This is a report from Yahoo, and I see pretty similar reports from Google and many other ESPs.

  1. 209.85.221.48 - Google forwarding email to Yahoo?
  2. 212.227.15.3 - web.de forwarded to Yahoo twice from different hosts??
  3. 77.238.176.162 - Yahoo host forwarded to another Yahoo host???

What will happen to all of these emails when I turn on p=quarantine? I can understand if one wants to receive emails from all his mailboxes in one. What I can't understand: why do ESPs analyze DKIM/SPF when transferring messages between their own hosts? Policies are supposed to fail in this case, and the recipient will receive it in Spam in case of p=quarantine, no?


Solution

To answer your specific questions:

  1. Yes, that seems right.
  2. Yes, that seems right.
  3. Yes, that seems right.

There are many examples of when these situations occur. Simple forwarding rules to receive your work email in your personal email box are one. Another one is when your company (as the recipient) uses GSuite and uses Groups (distribution lists) to forward emails to their final destination, the users. Google will report on this in DMARC as well.

Another common case is when external email security filters forward inbound emails to an email server that checks for DMARC compliance and sends reports.

"What will happen to all of these emails when I turn p=quarantine?"

Generally, DMARC will pass when either SPF or DKIM generates a pass result in alignment with the Header.From domain, found in the <identifiers> node in the XML report. Those results are listed in the <policy_evaluated> node.

In all of your examples, the <policy_evaluated> results show a DKIM Pass result, so it should pass DMARC. However, in your examples, all of the DKIM evaluations in the <auth_results> node show a neutral result for DKIM, including the one sent from your MX record IP address.

RFC 7601 states the following on a neutral result for DKIM:

  neutral: The message was signed, but the signature or signatures contained syntax errors or were not otherwise able to be processed. This result is also used for other failures not covered elsewhere in this list.

This could be a specific issue with Yahoo's DKIM checker, but it is best to check the DKIM status in Google's (and others') DMARC reports as well.

Final advice: Go check the DKIM results in other DMARC reports before moving to p=quarantine.
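A worked triage of such a report, added here as an example and not taken from the question or the answer: it parses the aggregate-report XML with Python's standard library, recomputes identifier alignment from <auth_results> using the RFC 7489 rule the answer describes (DMARC passes when SPF or DKIM passes for a domain aligned with header_from), and sets that beside the receiver's own <policy_evaluated> verdict, so forwarded rows and the neutral DKIM results stand out before anyone moves to p=quarantine. The embedded report is a constructed three-row cut-down of the Yahoo report above, with OUR.MX.IP replaced by the documentation address 192.0.2.25; the organizational-domain helper is a two-label shortcut rather than a Public Suffix List lookup, and the projected disposition ignores pct.

```python
"""Triage a DMARC aggregate (RUA) report before tightening p=. Added example."""
import xml.etree.ElementTree as ET

# Constructed sample: three rows cut down from the Yahoo report in the question.
# 192.0.2.25 stands in for the poster's own MX address (OUR.MX.IP).
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published>
    <domain>our-email-domain.tld</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>212.227.15.3</source_ip><count>1</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>our-email-domain.tld</header_from></identifiers>
    <auth_results><dkim><domain>srs.web.de</domain><result>neutral</result></dkim>
      <spf><domain>srs.web.de</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>175</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>our-email-domain.tld</header_from></identifiers>
    <auth_results><dkim><domain>our-email-domain.tld</domain><result>neutral</result></dkim>
      <spf><domain>our-email-domain.tld</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>77.238.176.162</source_ip><count>1</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>our-email-domain.tld</header_from></identifiers>
    <auth_results><dkim><domain>our-email-domain.tld</domain><result>neutral</result></dkim>
      <spf><domain>our-email-domain.tld</domain><result>softfail</result></spf></auth_results>
  </record>
</feedback>
"""


def org_domain(name):
    """Organizational domain, simplified to the last two labels (assumption of this
    example; real tools consult the Public Suffix List so that co.uk etc. work)."""
    labels = name.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, header_from, mode):
    """RFC 7489 identifier alignment: 's' = exact match, 'r' = same org domain."""
    if mode == "s":
        return auth_domain.strip().lower() == header_from.strip().lower()
    return org_domain(auth_domain) == org_domain(header_from)


def text(node, path, default=""):
    """Text of a child element, or default when the element or node is missing."""
    if node is None:
        return default
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else default


def evaluate_record(record, policy):
    """Compare the receiver's verdict with one recomputed from <auth_results>."""
    header_from = text(record, "identifiers/header_from")
    dkims = record.findall("auth_results/dkim")
    spfs = record.findall("auth_results/spf")
    dkim_ok = any(text(d, "result") == "pass" and aligned(text(d, "domain"), header_from, policy["adkim"])
                  for d in dkims)
    spf_ok = any(text(s, "result") == "pass" and aligned(text(s, "domain"), header_from, policy["aspf"])
                 for s in spfs)
    receiver_dkim = text(record, "row/policy_evaluated/dkim")
    receiver_spf = text(record, "row/policy_evaluated/spf")
    notes = []
    if receiver_dkim == "pass" and not dkim_ok:
        notes.append("receiver reports aligned DKIM pass, but auth_results has no aligned DKIM pass")
    if not spf_ok and any(text(s, "result") == "pass" for s in spfs):
        notes.append("SPF passed only for an unaligned domain: typical of a forwarder (SRS)")
    return {
        "source_ip": text(record, "row/source_ip"),
        "count": int(text(record, "row/count", "0")),
        "receiver_verdict": "pass" if "pass" in (receiver_dkim, receiver_spf) else "fail",
        "computed_verdict": "pass" if (dkim_ok or spf_ok) else "fail",
        "notes": notes,
    }


def triage(xml_text, proposed_p="quarantine"):
    """Return per-row results plus a summary of how many messages would be hit by proposed_p."""
    root = ET.fromstring(xml_text)
    pub = root.find("policy_published")
    policy = {"adkim": text(pub, "adkim", "r"), "aspf": text(pub, "aspf", "r")}
    rows = []
    for rec in root.findall("record"):
        r = evaluate_record(rec, policy)
        # Disposition if the published policy were proposed_p (pct ignored in this example).
        r["disposition_if_" + proposed_p] = "none" if r["computed_verdict"] == "pass" else proposed_p
        rows.append(r)
    summary = {
        "messages": sum(r["count"] for r in rows),
        "fail_per_receiver": sum(r["count"] for r in rows if r["receiver_verdict"] == "fail"),
        "fail_per_auth_results": sum(r["count"] for r in rows if r["computed_verdict"] == "fail"),
    }
    return rows, summary


if __name__ == "__main__":
    rows, summary = triage(SAMPLE_REPORT)
    for r in rows:
        print(r["source_ip"], r["count"], r["receiver_verdict"], r["computed_verdict"], r["notes"])
    print(summary)
```

Run against the sample, the receiver's verdict says every row passes (so p=quarantine would change nothing), while the verdict recomputed from <auth_results> fails the two forwarded rows because their only aligned result is a neutral DKIM signature; that gap between the two columns is exactly why the answer says to confirm the DKIM status in other receivers' reports first.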