Enforcement Policy (DMARC)
Learn how DMARC enforcement policies work, what p=none, quarantine, and reject mean, and how DMARCeye helps you move safely toward full protection.
What Is a DMARC Enforcement Policy?
An enforcement policy defines how strictly a domain owner instructs receiving mail servers to handle messages that fail DMARC authentication checks.
In other words, it tells mailbox providers what to do when an incoming email doesn’t align with the domain’s SPF or DKIM records (whether to accept it, quarantine it, or reject it outright).
This policy is declared in a domain’s DMARC record using the p= tag.
How Enforcement Policies Work in DMARC
DMARC supports three enforcement policy levels, each representing a different degree of protection:
p=none(Monitor Mode) – No enforcement. Messages that fail DMARC are still delivered, but the domain owner receives DMARC reports to observe unauthorized activity.p=quarantine(Partial Enforcement) – Suspicious messages are marked as spam or placed in the recipient’s junk folder. This helps reduce risk while still allowing legitimate but misconfigured mail to surface.p=reject(Full Enforcement) – Messages that fail DMARC are completely rejected at the server level and never reach the recipient. This is the strongest protection against spoofing.
Domains typically begin with p=none, then progress to quarantine and finally to reject once all legitimate senders are properly authenticated.
Why Enforcement Policies Are Important for Email Security
An effective enforcement policy is the final step in securing a domain with DMARC. Without enforcement, unauthorized senders can continue to spoof your domain, even if DMARC is technically configured.
By gradually tightening the enforcement level, organizations can protect customers and employees from phishing and brand impersonation, while ensuring legitimate traffic remains unaffected.
Proper enforcement also improves email reputation and deliverability, as mailbox providers recognize the domain as trustworthy and well-managed.
Enforcement Policy and DMARCeye
DMARCeye helps organizations safely move from monitoring to full enforcement by providing clear insight into who is sending mail on behalf of a domain and whether each sender passes authentication checks.
Through detailed DMARC reports and visual analysis, DMARCeye makes it easy to identify legitimate mail sources, fix configuration issues, and confidently advance your enforcement policy to a stricter level, without disrupting business email flow.
Sign up for a free trial of DMARCeye today to protect your domain from spoofing.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.