by louis-lau 816 days ago
Senders that apply dmarc and want their emails to be forwarded should use dkim. Forwarding a dkim signed message doesn't break dmarc at all.
2 comments

> how often it fails with Microsoft specifically

This is the most important part. Exchange (due to its history as an X.400 server, not as an SMTP server) does sometimes mangle the message to the point that DKIM simply breaks. This both breaks origin-incoming and forwarded messages.

BTW, Apple also sometimes mangles messages so that they fail DKIM, although I do not know why this is the case (as I doubt they use Microsoft Exchange for their mail service).

this is a long-standing problem with mailing lists. they are often configured to add a "[...]" prefix to the subject or add a footer, breaking the dkim signature. this leads some more recently updated mailing lists to always rewrite to their own "message from" header, so they control dmarc alignment for their messages.

for incoming email on mailing lists i'm subscribed to, i don't enforce the dmarc policy. i think this is what the parent post hints at. i'm not sure how easy this is to configure with the various mail server software out there. i'm also not aware how you would configure this with sieve scripts (i looked, didn't find it, but it seems like a basic case).

if you're running a mailing list, hoping for all subscribers to not enforce dmarc policy enforcement doesn't seem like a great strategy.

the forwarding case should be easier to keep working.
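
An added example, not part of the thread: a Python sketch of RFC 6376 relaxed canonicalization, showing that whitespace and header re-folding changes leave the signed data intact while a list's subject prefix and footer change it. It assumes `c=relaxed/relaxed` with SHA-256 and no `l=` tag, compares only the Subject header, and does not verify the signature itself; the sample messages and the `changed_parts` helper are constructed for illustration.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4: relaxed body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":   # drop empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """SHA-256 body hash as carried in the bh= tag of DKIM-Signature."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 section 3.4.2: relaxed header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return f"{name.strip().lower()}:{value}\r\n"

def changed_parts(signed: dict, delivered: dict) -> list:
    """Names of the signed inputs that differ after canonicalization."""
    changed = []
    if relaxed_header("Subject", signed["subject"]) != relaxed_header("Subject", delivered["subject"]):
        changed.append("subject")
    if body_hash(signed["body"]) != body_hash(delivered["body"]):
        changed.append("body")
    return changed

# Constructed sample messages (hypothetical, not taken from the thread).
SIGNED = {"subject": "Re: DKIM question",
          "body": b"Hello list,\r\n\r\nPatch attached.\r\n"}
# A relay that only re-folds the header and alters whitespace.
REFOLDED = {"subject": "Re:  DKIM\r\n question",
            "body": b"Hello  list, \r\n\r\nPatch\tattached.\r\n\r\n"}
# A mailing list that adds a subject prefix and a footer.
VIA_LIST = {"subject": "[list] Re: DKIM question",
            "body": SIGNED["body"] + b"-- \r\nlist footer\r\n"}

if __name__ == "__main__":
    print("refolded:", changed_parts(SIGNED, REFOLDED))
    print("via list:", changed_parts(SIGNED, VIA_LIST))
```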