Glossary

DMARC p=none — Monitoring Mode Explained

DMARC p=none is monitoring mode. It means your DMARC record exists but isn't enforcing anything — emails that fail authentication are still delivered to the inbox. You receive daily aggregate reports showing which senders are failing, but nothing is blocked, quarantined, or rejected until you change the policy to p=quarantine or p=reject.

What p=none Actually Does

Two things and only two things:

Tells receivers to deliver all email regardless of authentication result
Sends you aggregate reports showing what's failing and why

That's it. No blocking. No spam folder. No protection against spoofing.

What p=none Does NOT Do

This is the part most guides skip.

p=none does not:

Block spoofed emails from reaching inboxes
Quarantine failing messages
Protect your domain from impersonation
Satisfy DMARC enforcement requirements

If someone is sending phishing emails from your domain right now — p=none lets them through. Every time. See p=none is still a problem and when to leave it behind in our none vs quarantine vs reject post. For the full p= picture, read DMARC policy.

The Correct Record

_dmarc.yourdomain.com TXT

v=DMARC1; p=none;
rua=mailto:dmarc@yourdomain.com

The rua= tag is critical. Without it you get no reports — and reports are the only reason to run p=none. More on report contents: DMARC aggregate report.

How Long to Stay at p=none

2-4 weeks. Long enough to see all your legitimate senders in the reports.

Not months. Not indefinitely. Every day at p=none is another day your domain can be spoofed freely.

What to Do After p=none

Step 1: Read your aggregate reports. Use DomainPreflight DMARC Report Analyzer — paste the XML, see which senders are failing alignment.

Step 2: Fix alignment failures. Any legitimate sender failing alignment needs provider-specific DNS. See the DMARC fix guides.

Step 3: Move to p=quarantine. Once reports show all legitimate senders passing — upgrade the policy.

Step 4: Move to p=reject. After a clean week at quarantine — move to reject. That's real protection.

Background on DMARC and a walkthrough: Learn DMARC.

Check Your Current Policy

Run DNS Preflight on your domain — the DMARC card shows your current policy and flags if you've been at p=none longer than expected.

Check your DMARC policy in the browser

Check your DMARC policy →

FAQ

What does DMARC p=none mean?

Monitoring mode — your DMARC record exists but enforces nothing. Emails failing authentication are still delivered. You get reports but nothing is blocked.

Is DMARC p=none doing anything useful?

Yes — collecting daily reports showing who sends email as your domain. But it provides zero spoofing protection. It's surveillance, not enforcement.

How long should I keep p=none?

2-4 weeks. Long enough to identify all your legitimate senders in the reports. After that, move to p=quarantine.

Can attackers spoof my domain with p=none?

Yes. p=none does not block spoofed email. Phishing emails impersonating your domain still reach inboxes. Only p=reject stops them.

What is the difference between p=none and p=quarantine?

p=none delivers everything and reports. p=quarantine sends failing emails to spam. p=none = no protection. p=quarantine = partial protection.

← All glossary terms