Errors

DMARC p=none — You're Monitoring But Not Protected

p=none means you’re collecting reports — not blocking spoofed mail. Start here — then move to quarantine or reject after you trust your senders.

What p=none does

Collects aggregate reports so you see who sends as you. Doesn’t block or quarantine — visibility without risk.

When to stay vs move

Stay on none for 2–4 weeks while you learn your traffic. Move to p=quarantine when reports look clean — then p=reject when you’re brave.

Fix it step by step

Step 1 Add rua=mailto:… to your DMARC record if missing — you need reports before upgrading
Step 2 Paste aggregate XML into DomainPreflight DMARC Report Analyzer
Step 3 Fix any senders failing alignment before you enforce
Step 4 After 2–4 weeks of clean reports → change p=none to p=quarantine
Step 5 Monitor for a week → if clean, move toward p=reject
Step 6 Run DNS Preflight to confirm the new policy is live

Open the DMARC Report Analyzer

DMARC Report Analyzer →
Also read: DMARC · DMARC alignment

FAQ

Is DMARC p=none bad?

Not for the first weeks — it’s the right starting point. Bad if you stay forever with no enforcement.

Can attackers spoof me with p=none?

Yes — none doesn’t block. Reports show abuse — they don’t stop it.

How do I get aggregate reports?

Add rua=mailto:dmarc@yourdomain.com to DMARC — big providers send daily XML zips.

When is it safe to move to p=reject?

After weeks of reports showing legit senders aligned — use the analyzer to verify.

Will p=reject break my mail?

Only if you still have unaligned legit senders. Fix alignment at none first — then enforce.

← All error fixes

Open DNS Preflight and re-check your zone →