Matthew, I would suggest talking to the folks at Agari and Dmarcian (both are linked from dmarc.org/resources). I intentionally kept the presentation away from endorsing any particular vendors - partly because they change over time and partly because I think that's the right thing to do at a general tech conference.
The advice that others have provided about the risks of asserting any policy more rigorous than p=none for the entirety of an EDU domain is well founded. If you have particular email streams which require higher levels of protection, such as financial statements or account/personal information, then the best practice is to send those from a subdomain which has the higher policy bar (quarantine or reject). As suggested, no personal mail should be part of that stream and you may have to deal with a recipient base (students) who are somewhat more likely to make use of email forwarding, hence falling into one of the higher risk groups for DMARC failures. --Kurt
_______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop