PCT (DMARC) Tag
Learn what the DMARC pct tag does, how it controls enforcement rollout, and how DMARCeye helps test and optimize policies before full deployment.
What is the PCT (DMARC) Tag?
The pct tag in a DMARC record defined the percentage of failing messages the domain's policy was applied to. It was DMARC's only in-protocol way to phase in enforcement: publish a low percentage, watch the results, then raise it toward full coverage. DMARCbis (RFC 9989, published May 2026) removes the pct tag, because receivers honored it inconsistently and it rarely matched what operators intended.
Status update: DMARCbis removes the pct tag, and this is not a fire drill. Existing records stay valid, and receivers will not change how they handle your mail overnight. The practical change is that a DMARCbis receiver treats any pct<100 as pct=100, so a partial percentage no longer holds messages back. In its place, DMARCbis adds the t (testing) tag: t=y puts a policy in testing mode and downgrades it one step, so p=reject with t=y behaves like p=quarantine, while t=n enforces the stated policy. There is no percentage, so this is a one-step switch rather than a true staged rollout.
For example, an organization might have published p=reject; pct=25, expecting only 25% of unauthenticated messages to be rejected while the rest stayed monitored. Because intermediate values were unreliable across the receiver ecosystem, the coverage a domain published and the coverage it actually got were rarely the same.
How the PCT Tag Worked
The pct tag sat inside the DMARC TXT record in DNS, following this format:
v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc-reports@example.comIn this example, the receiving servers were meant to apply the quarantine policy to 50% of messages that failed DMARC authentication, with the selection made at random. The intent was statistically meaningful testing without full enforcement.
Key details about how pct behaved:
- Default value was 100 (policy applied to all messages)
- Accepted any integer between 1 and 100
- Worked only when the policy was
quarantineorreject - Had no effect when
p=none - Evaluated by each receiver independently, so actual coverage varied, which is the inconsistency that led DMARCbis to remove it
What Replaced the PCT Tag
DMARCbis does not offer a percentage-based replacement. For a supervised trial of a stricter policy, the in-spec option is the t (testing) tag rather than a partial percentage. Everything else that made pct useful, chiefly the feedback loop, still comes from aggregate reports.
If your records still carry pct:
- Leave the record in place for now; it stays valid, and nothing breaks when the spec lands
- Reach full SPF and DKIM alignment before a partial percentage stops softening your policy
- Use
t=ywhen you want a supervised test, treating it as a one-step downgrade - Track progress through aggregate reports rather than a sampling percentage
PCT Tag and DMARCeye
DMARCeye covers the part pct was supposed to help with: seeing what would break before you tighten a policy. It correlates authentication results, failure rates, and subdomain activity so you can move from monitoring to full enforcement with evidence rather than a guess.
Through visual reporting and step-by-step guidance, DMARCeye shows which sources still fail alignment and flags legacy tags like pct so you can retire them cleanly, making sure that once a reject policy applies to all mail, no legitimate source is lost.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.