Identifying who sent a non-compliant email

Hi, I have one email source,from PostmarkApp which has 0% DMARC, 0% SPF and 0% DKIM. This source shows up intermittently, with a message count of 1. I’ve reviewed all of the apps in our software service stack and can’t determine the source. It’s servers can’t be tied back to anything in our stack. Is there any way to capture who sent it?
BTW, all others senders in our stack (in our behalf) have been identified and are 100% compliant.

DMARC failure/forensic reports (ruf=) typically contain headers from non-compliant mail, so with a bit of luck you may be able to collect info about sender address(es) and email subject from those.

As that info can be considered PII you should probably do a DPIA (GDPR) before you decide how to handle reports, and which ruf=mailto address to use.