DMARC is something that “can pass” without having a record set, however, some email clients, when dmarc would fail, if they don’t have a record to tell them what to do under that condition, will default to the “safest” choice of either denying the email or sending it to junk. So the record is more to ensure there is an instruction available in the event the client needs to know what to do to prevent it from defaulting to it’s worst case scenario.
So a DMARC record (which is a TXT record on the DNS server) will look something like:
v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org
the ‘v’ and ‘rua’ parameters are required. They identify what we’re talking about. ‘p’ (and ‘sp’ for subdomains) will tell a client what action to take. In the example, if dmarc fails, it is to do nothing other than to log the incident.
So essentially, in the event that both dkim and spf fail (which can still happen even if the records for each are correct) then dmarc is told not to worry about it. In the same situation, however, if both fail and dmarc record does not exist, then it would be left up to the email client’s discretion, which as stated, may be just to throw the email out or send it to junk.