P= Policy (DMARC)
Learn what the DMARC p= policy tag does, how it defines message enforcement, and how DMARCeye helps you move safely toward full rejection.
What is a P= Policy (DMARC)?
The p= policy tag in a DMARC record instructs receiving mail servers how to handle messages that fail authentication. It defines the domain owner’s chosen response to unauthenticated email and serves as the core directive for DMARC enforcement. The policy can be set to none, quarantine, or reject, each representing a progressively stronger level of protection.
By publishing a p= policy in DNS, organizations communicate to mailbox providers whether messages that fail both SPF and DKIM alignment should be monitored, flagged, or rejected outright. This decision affects how recipients treat spoofed or unauthenticated emails that appear to come from the domain.
How the P= Policy Works
An example DMARC record with a reject policy:
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.comDMARC policy options:
- p=none: No enforcement, only monitoring and reporting.
- p=quarantine: Suspicious messages go to spam or junk folders.
- p=reject: Mail failing authentication is blocked at the SMTP level.
Organizations often start with p=none to gather aggregate reports before moving to stronger enforcement levels. This staged approach ensures legitimate senders are properly configured before full rejection is enabled.
Choosing the Right Policy
The choice of DMARC policy depends on authentication maturity and domain risk tolerance. Best practices include:
- Start with
p=noneand analyze reports for several weeks - Move to
p=quarantineonce legitimate sources pass authentication - Advance to
p=rejectfor complete domain protection - Use pct= for gradual rollout
P= Policy and DMARCeye
DMARCeye provides visibility into the real-world impact of your DMARC p= policy. It monitors pass and fail outcomes across mail streams, helping identify sources that would be quarantined or rejected. This allows administrators to fine-tune policies with confidence and gradually move toward full enforcement without disrupting legitimate communication.
- Automated monitoring
- AI-based recommendations
- Affordable pricing
- Monitor as many domains as you need
- Configure smart alerts to help you counter spoofing and phishing attempts in real time
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.