I have email routing setup to forward to iCloud email. A number of emails appear to be being rejected by iCloud:

e.g.

Unknown error: permanent error (554): 5.7.1 Your message was rejected due to alertshub.ft.com’s DMARC policy. See Postmaster information for iCloud Mail - Apple Support for info

DKIM and SPF are both shown as passing.

This appears to happen across a number of different email sources and only appears to happen when Cloudflare email routing is an intermediary

Do you have a snippet of the Authentication-Results header from the failing emails?

Cloudflare rewrites the RFC5321.MailFrom field on an email so it won’t be aligned with RFC5322.From - restrictive DMARC policies can cause this to be a failure.

https://developers.cloudflare.com/email-routing/postmaster/#sender-rewriting

https://developers.cloudflare.com/email-routing/known-limitations/#restrictive-dmarc-policies-can-make-forwarded-emails-fail