Why doesn't inbound DKIM failure result in a bounce?

I’m a bit mystified why this is the default policy:

X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	T_KAM_HTML_FONT_INVALID autolearn=no autolearn_force=no version=3.4.0
	* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
	*      [ listed in wl.mailspike.net]
	*  0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
	*      Colors in HTML
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0000]
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid
	*  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
	* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Received: from vps.lawyer-monthly.com (ds-151.ukdns.biz [])
	by mail.example.com (Postfix) with ESMTP id D28FB41980
	for <info@example.com>; Fri, 22 Sep 2017 10:07:51 +0100 (BST)
Authentication-Results: mail.example.com; dmarc=none header.from=example.net
Authentication-Results: mail.example.com; dkim=permerror
	reason="key not found"
	header.d=example.net header.i=@example.net
	header.b=jmhD/l2s; dkim-adsp=none (unprotected policy);
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=example.net; s=fm;

What’s the point of going to the effort of checking DKIM on inbound if you’re not going to do anything with the result? Admittedly, it doesn’t have a DMARC policy to say what to do with it, but I think it would make sense to reject it, or at least give it some bad spam points at the very least.

How can I configure it so that DKIM failures default to rejection if there is no DMARC policy?