DMARC p= (Policy)
Learn how the DMARC p= tag defines enforcement policies like none, quarantine, and reject, and how DMARCeye helps manage domain protection confidently.
What is DMARC p= (Policy)?
The DMARC p= tag defines the enforcement policy that receiving mail servers should apply when messages fail DMARC authentication. It specifies whether unauthenticated emails should be delivered, quarantined, or rejected. This tag is the backbone of DMARC enforcement, guiding how recipients handle potentially spoofed or fraudulent messages that do not align with SPF and DKIM checks.
The policy is defined within the domain’s DMARC TXT record in DNS. Typical DMARC policies include “none,” “quarantine,” and “reject.” Each represents a progressively stricter level of protection, allowing organizations to build trust and confidence before moving to full enforcement.
How the DMARC p= Tag Works
Example DMARC record:
v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.comIn this example, the p=quarantine directive tells receiving mail servers to send failing messages to the spam or junk folder instead of rejecting them outright.
DMARC policy options include:
- p=none - Monitor only. Mail is delivered normally, and failures are reported through DMARC reports.
- p=quarantine - Messages that fail authentication are marked as suspicious or sent to spam.
- p=reject - Messages that fail DMARC checks are fully rejected at the SMTP level and not delivered to the recipient.
Using the DMARC p= Tag Effectively
Organizations typically start with p=none while collecting and analyzing aggregate reports. Once all legitimate sending sources are properly authenticated, they progress to quarantine and eventually reject for full protection against domain spoofing.
Best practices include:
- Gradually tightening policies as visibility improves
- Using pct= to apply partial enforcement during testing
- Regularly reviewing reports to confirm all legitimate senders are passing authentication
- Ensuring DKIM and SPF alignment before moving to reject
DMARC p= and DMARCeye
DMARCeye provides visibility into how your chosen p= policy impacts real-world mail flow. Its reporting dashboards reveal how many messages pass or fail authentication, where failures occur, and what impact quarantine or rejection has on legitimate mail.
By correlating policy results with authentication data, DMARCeye helps organizations confidently advance from monitoring to full enforcement, protecting their domains from abuse while maintaining deliverability.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.