> spec is written quite vague and heavily suggests that inserting "l=" is mandatory
RFC [1] suggest the opposite: "To avoid this attack, Signers should be extremely wary of using this tag"
> message valid when either SPF or DKIM passes
DMARC is already fragile with many legit messages failing DMARC after a forwarding (redirecting) by a mail servers (which change headers and/or body to varying degree with MS mail products being among the worst). If you would require both SPF and DKIM pass even more legit messages will fail DMARC check so more servers will have to ignore it results.
RFC [1] suggest the opposite: "To avoid this attack, Signers should be extremely wary of using this tag"
> message valid when either SPF or DKIM passes
DMARC is already fragile with many legit messages failing DMARC after a forwarding (redirecting) by a mail servers (which change headers and/or body to varying degree with MS mail products being among the worst). If you would require both SPF and DKIM pass even more legit messages will fail DMARC check so more servers will have to ignore it results.
[1] https://datatracker.ietf.org/doc/html/rfc6376#section-8.2