PCT (DMARC) Tag

What is the PCT (DMARC) Tag?

The pct tag in a DMARC record defines the percentage of messages to which the domain’s DMARC policy is applied. It allows administrators to gradually roll out enforcement, testing how messages behave under the chosen policy (none, quarantine, or reject) before applying it universally. This makes pct a valuable tool for minimizing disruption while moving toward full protection.

For example, an organization might publish a DMARC record with p=reject; pct=25, meaning that only 25% of unauthenticated messages will be rejected while the remaining 75% are still monitored. Over time, the percentage can be increased until the domain reaches full enforcement at 100%.

How the PCT Tag Works

The pct tag is included as part of the DMARC TXT record in the DNS. Its syntax follows this format:

In this example, the receiving mail servers will apply the quarantine policy to 50% of messages that fail DMARC authentication. The selection is random, so receivers decide which individual messages are affected, allowing for statistically meaningful testing without fully enforcing the policy yet.

Key details about pct behavior:

• Default value is 100 (policy applies to all messages)
• Accepts any integer between 1 and 100
• Works only when the policy is set to quarantine or reject
• Has no effect when p=none
• Evaluated by each receiver independently—actual coverage may vary

When to Use the PCT Tag

The pct tag is most useful during DMARC rollout or major configuration changes. It helps organizations validate their authentication setup and monitor impact through aggregate reports before enforcing policies on all mail.

Common use cases include:

• Testing new SPF or DKIM configurations
• Gradual rollout of stricter DMARC enforcement
• Reducing false positives from unaligned third-party senders
• Monitoring legitimate traffic that may fail authentication
• Building confidence before moving from none to reject

By using incremental percentages (such as 10%, 25%, 50%, 75%, and 100%), teams can safely identify issues and fix them without disrupting legitimate mail delivery.

PCT Tag and DMARCeye

DMARCeye helps organizations use the pct tag effectively by providing detailed visibility into how partial enforcement impacts message flow. The platform correlates authentication results, failure rates, and subdomain activity to show exactly how policies behave at different enforcement levels.

Through visual reporting and step-by-step recommendations, DMARCeye guides teams from a low pct setting to full 100% enforcement with confidence. This ensures that once a reject policy is fully applied, all legitimate mail sources are authenticated correctly and no business-critical messages are lost.

Sign up for a free trial of DMARCeye today and secure your email domain.

To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.