Glossary

DMARC Policy — none, quarantine, reject Explained

A DMARC policy (the p= tag in your DMARC record) tells receiving mail servers what to do with emails that fail DMARC checks. There are three policy levels: p=none (monitor only, deliver everything), p=quarantine (send failures to spam), and p=reject (block failures entirely). Start with p=none and progressively tighten after reviewing aggregate reports.

The Three Policy Levels

p=none — monitoring mode. Failures are reported but all email is delivered. Safe starting point.
p=quarantine — failures go to spam folder. Partial protection.
p=reject — failures are blocked entirely. Full protection. Use only after confirming all legitimate senders are aligned.

Recommended Rollout

Week 1-4: p=none + rua= reporting
Week 4-8: p=quarantine (review reports first)
Week 8+: p=reject (once all senders clean)

Check your live DMARC TXT

Open DNS Preflight →

Also read: DMARC · DMARC alignment · DNS Preflight

FAQ

What is DMARC policy?

The p= tag in your DMARC record that tells receivers what to do with emails failing DMARC — monitor, quarantine, or reject.

What is the safest DMARC policy to start with?

p=none — it collects reports without affecting delivery. Use it to identify all your legitimate senders before enforcing.

When should I move to p=reject?

After at least 2-4 weeks of DMARC aggregate reports showing all legitimate senders are aligned with no failures.

← All glossary terms