As I understand forwarding is has to do with the recipient forwarding the email either automatic or manual.
Manual forwarding won’t break dmarc.
Automatic can break DMARC.
I have the following two example where dmarc breaks. I’m not sure want I can do about it. Do you have any suggestions?
Correct. When a user forwards an email from their client, they are creating a new email using their own account and its domain, and including the content of the forwarded message either in the body of their email, or as an attachment. This means that any DMARC evaluation will be based on the email domain of the account that is forwarding the email.
Yes, and the only DMARC method that will survive that type of forwarding is DKIM. If those are indeed emails being sent on your behalf, you will need to DKIM sign them if you want them to survive automated recipient forwarding.