This is a known issue, and will hopefully be resolved in some months as part of an overall service migration. Can't predict at the moment exactly when it will be done.
I can't see any IETF standard which requires DMARC (or SPF), so anyone declaring mails as spam just because these are missing is doing this based on their personal decision.
On my personal email server I believe I'm using a vanilla spamassassin config (current version, using the Debian package which usually doesn't wildly change defaults), and for email sent by virtualbox.org I don't see AUTHRES_DMARC_FAIL,SPF_HELO_NONE,SPF_NONE, and the mail isn't flagged as spam.
But, the domain virtualbox.org has a DMARC record (with p=none), so someone put it there...
With p=none, it gives the receiver of the domain the option to choose if an email will be rejected on DMARC fail, thus my email server will definitely reject virtualbox.org emails due to this failure. I suppose others have a similar setup.
I also know that gmail and hotmail have started placing such emails to the spam folder, but I don't know if they reject them entirely, this needs further investigation.
Whoa... so something actually changed in DNS since I last checked. The DMARC entry creation apparently was done without any sanity checking, because there's no SPF entry (which is a prerequisite), and the outgoing mail server doesn't sign the messages.
I don't really have time for this right now, but I can see now that I have to...
virtualhuman wrote:gmail and hotmail have started placing such emails to the spam folder
I use a Gmail account for the forum and suddenly got all forum emails going to spam, too, some few months ago. Had to turn off the spam filter...
gmail has made several changes, for example, in the past it was possible to have duplicate headers (even though they are not allowed by the RFC spec) gmail was a bit soft on those requirements. After a recent change, emails with duplicate headers are completely rejected.
I really like SPF, it makes my life a lot better... I see thousands of fake @fedex.com emails, all failing SPF at the smtp level. SPF is awesome that way
At last... after a lot of detours (the prep work wasn't that bad, other things were in the way) virtualbox.org has both an SPF and DMARC record, with the DMARC one enforcing signed messages (they've been all signed since sometime last year already). The first DNS change was on Friday (and unfortunately ended with syntactically incorrect SPF and DMARC entries), and the follow-up one about 24 hours ago resolved this for good I hope.