There can be multiple cases for this. The most common cases include:
1. Syntax issue with subdomain added in the "Host" or "Name" section. DMARC needs to be implemented on the _dmarc.yourdomain.com subdomain. Make sure you got that right. Some DNS Zones will not inherit but overwrite the subdomain name once added in the "Host" section. (For e.g. when you input your whole subdomain "_dmarc.yourdomain.com", some DNS zones will read that as _dmarc.yourdomain.com.yourdomain.com, which invalidates your DMARC Record.
To fix this, simply remove your domain name and just keep "_dmarc".
E.g with screenshots
Before:
After:
2. You have multiple DMARC Records implemented in your DNS. Make sure you have only one DMARC TXT Record per your root/subdomain level.
3. You are still with the DMARC None policy (Monitoring mode), and you are getting an error indicating, "DMARC record is valid, but you are not protected against email spoofing and phishing". This is a just warning sign from our side that your DMARC Policy is not enforced, and your domain is still open to any spoofing attempts.
Important: It is crucial for organizations to begin with a policy of p=none when setting up DMARC, and only progress to stricter policies like p=quarantine or p=reject once they have ensured that all legitimate sources are correctly configured. This step is essential to prevent any potential issues such as false positive bounce backs and unsuccessful email deliveries. It is a best practice that everyone should adhere to.