ProtonMail Should Respect DMARC Records
I spoofed my own email address to check how Proton would handle it. ProtonMail delivered the spoofed email to my Spam folder instead of respecting the DMARC record to reject the email delivery.
According to RFC 7489:
"A Mail Receiver implementing the DMARC mechanism SHOULD make a best-effort attempt to adhere to the Domain Owner's published DMARC policy when a message fails the DMARC test."
Proton is making users less secure by not adhering to the DMARC records which request rejecting spoofed emails.
2 votes
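How a receiver can derive the requested disposition from a published DMARC record for a message that has already failed the DMARC test, including the `sp` and `pct` tags, is sketched below. This is an added example, not part of the original post and not Proton's code; the function names and the `example.com` records are constructed, and a record without a valid `p` tag is treated as having no policy, which is a simplification.

```python
import random

POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strongest

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not usable."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep:
            return None
        tags.setdefault(name.strip().lower(), value.strip())
    # v=DMARC1 must be the first tag in the record
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        return None
    if tags.get("p", "").lower() not in POLICIES:
        return None  # simplification: no valid p tag means no policy
    return tags

def disposition(txt, from_is_subdomain=False, rng=random.random):
    """Action the Domain Owner requests for a message that FAILED DMARC."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "none"
    policy = tags["p"].lower()
    # sp overrides p when the From domain is a subdomain of the record's domain
    if from_is_subdomain and tags.get("sp", "").lower() in POLICIES:
        policy = tags["sp"].lower()
    try:
        pct = max(0, min(100, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100
    # Messages outside the pct sample get the next weaker policy
    if policy != "none" and rng() * 100 >= pct:
        policy = POLICIES[POLICIES.index(policy) - 1]
    return policy

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"  # constructed
    print(disposition(record))
```

In these terms, delivery to a Spam folder corresponds to the `quarantine` disposition, while a `p=reject` record with the default `pct=100` requests `reject` for every failing message.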
