P=Reject when using hosted email security?

We are aiming to set a DMARC policy of P=Reject on our domain but a third-party tool we use to monitor DMARC reports (Dmarcian) shows that outbound emails sent by/through Hosted Email Security are only 85% compliant.
It looks like the Sonicwall sends out 15% emails with the organisation From: address, but SPF address of e.g. ams0vm-hesra06.colo.sonicwall.com and no DKIM
I can't tell what these emails might be because I can only see summary reports
Has anyone else got P=reject implemented?
Thank you
Category: Hosted Email Security
0