To add to beekeeper’s response, the compliance percentage displayed in our dmarcian portal is based on successful DMARC compliance, meaning the individual DKIM and SPF checks are passing, but the identifiers are also in alignment.
The identifiers (the domains) alignment is where the domains used for SPF checks (return-path domain) and the DKIM signing domain (d= tag, also the domain hosting the public key) are aligned with the domain found in the From: header. Aligned means they are the same, or of the same org domain, depending on if you are using relaxed or strict alignment.
Since by default iContact uses their own domain for both the return-path address and DKIM signing, this means although their domain is correctly configured to pass a SPF and DKIM check (SPF and DKIM raw column in the detail viewer), the domain is not aligned with yours used in the From: header. The configuration steps provided by beekeeper will change the DKIM value to your domain once the changes are done in DNS and you reach out to their support.
I hope this provides a bit more context and helps understand our reporting more.