DMARC policies

DMARC policies

28 July, 2020

DMARC policies

A DMARC policy is included in a DNS record for a given domain enabling the sender to specify if messages are protected by SPF or DKIM. DMARC policy also integrates an email address that can be used for sending compliance reports for non-delivery of emails due to DMARC policy violations. DMARC Policy tells the email receivers like Microsoft, Gmail, Yahoo, and other DMARC Internet Service Providers who adopted DMARC what to do if an email fails the DMARC check.


Available DMARC policies

There are three DMARC policies you can choose if an email fails the DMARC checks. You can choose NONE, QUARANTINE, and REJECT.

  • P=NONE

Under this policy, the email receiver does not take any action if emails fail DMARC authentication. Emails are simply sent into the receiver’s inbox while the domain owner gets the information of spoofed emails with the DMARC report data. 


Here, email receivers are instructed to inspect emails that have failed the DMARC authorization. The email is delivered into either junk or spam folder. Although the policy entirely depends upon how the user sets it. 


This policy indicates that all the emails that have failed any of the parameters are rejected and restricted from being sent to the receiver. In any case, if a user wishes to change any policy it might take days to regenerate new policies.  


Parts of a DMARC policy

Each part of the policy is defined as follows:


  • dmarc: identifies the TXT record as a DMARC policy.
    • v=DMARC1 indicates the version of DMARC used.
  • p=quarantine: is the policy action.
    • none: Do nothing/reporting only
    • quarantine: Treat the mail as spam
    • reject: Refuse mail that fails DKIM and SPF
  • rua= identifies the destination for the aggregate reports.
  • pct=100 specifies how much traffic should be subject to policy validation.



Request Your Complimentary Domain Analysis