This article contains information on the three DMARC policies—None, Quarantine, and Reject—explaining their functions, benefits, and how they protect domains from phishing, spoofing, and unauthorized email use.
You can choose one of three DMARC policies to tell email receivers what to do when an email fails the DMARC checks. The options are:
- None
- Quarantine
- Reject
Monitor policy: p=none
With a None policy, you ask the email receiver to take no action on emails that fail the DMARC check. The email goes into the receiver's inbox, and you can use the data from the DMARC reports to start analyzing who is sending emails on your behalf. After analysis, you can go to the next level, Quarantine.
Quarantine policy: p=quarantine
With a Quarantine policy, you tell the email receivers to put emails that fail the DMARC check in special ‘quarantine’ folders, such as the junk/spam folder. You still analyze all the data and check who is sending emails on behalf of your domain and whether they are allowed to.
Reject policy: p=reject
With a Reject policy, you ask the email receivers to reject all emails that fail the DMARC check. These emails bounce and do not end up in any folder of the receiver. With this policy all your email is secure, but be aware that everything should be in place; otherwise you will also block emails that are sent using your domain from sources you have not safe-listed. For example, if you use third-party senders such as CRM systems or Email Service Providers and you did not give them permission to send on your behalf, all their emails will bounce.
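The following added example (not code from this article or from the product it documents) parses a published DMARC record and returns the action the domain owner is requesting for one message. It goes beyond the three policies above by also applying the `pct` tag as defined in RFC 7489; the function names and the `example.com` records are constructed for illustration.

```python
# Added example (not the article's or the vendor's code).
POLICIES = ("none", "quarantine", "reject")

# Constructed sample records for the placeholder domain example.com.
SAMPLES = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "partial": "v=DMARC1; p=reject; pct=50",
    "enforce": "v=DMARC1; p=reject",
}

def parse_dmarc(txt):
    """Parse a DMARC TXT record; raise ValueError if it is not usable."""
    pairs = [part.strip() for part in txt.split(";") if part.strip()]
    # RFC 7489: the v tag must come first and must be exactly DMARC1.
    if not pairs or "".join(pairs[0].split()) != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    # Simplification: a record without a valid p tag is treated as an error here.
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        raise ValueError("missing or unknown p= policy")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    return {"p": policy, "pct": pct, "rua": tags.get("rua")}

def requested_action(record, dmarc_pass, sample):
    """Return 'deliver', 'quarantine' or 'reject' for one message.

    sample is a number in [0, 100) standing in for the receiver's random draw.
    """
    if dmarc_pass or record["p"] == "none":
        return "deliver"
    if sample < record["pct"]:
        return record["p"]
    # Outside the pct sample, the next lower policy is applied.
    return "quarantine" if record["p"] == "reject" else "deliver"

if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        rec = parse_dmarc(txt)
        print(label, rec["p"], rec["pct"], requested_action(rec, False, 75))
```

With `p=reject; pct=50`, a failing message that falls outside the 50% sample is quarantined rather than rejected, so a domain is only asking for rejection of every failing message once `pct` is 100 or absent.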
The benefits of using DMARC include:
- Leveraging the existing email authentication techniques: SPF and DKIM.
- Adding a vital reporting function. For example, if a domain owner publishes a DMARC record in DNS, they gain insight into who is sending messages on behalf of their domain. This exposes detailed information about the email channel, and the domain owner gains control over the messages sent on their behalf.
- Protecting domains against abuse in phishing or spoofing attacks.
As a domain owner, it is vital to ensure that customers and suppliers only receive emails from trusted sources that are permitted to send emails. Enabling DMARC reassures email receivers that an email is legitimate and originating from your domain.
Comments
I suspect most people who come to this page understand the basics. I want to know why a message that failed DMARC went to Held when their domain was set to p=reject and my settings are to honour the DMARC record. It's either a bug or something to do with pct=50 also being set. That's a setting that makes no sense to me, why would anyone want DMARC to apply some of the time? There should be custom settings for DMARC. Honour policy but override such that pct=100 is always the case and p=none (another DMARC setting that I hate) is switched to p=quarantine.
Hi Tyler Ferguson
Thank you for your comment.
We have escalated your comments to our engineers, and they suggest that you raise a case with support for additional clarification to allow Support to review your DNS Authentication - Inbound Definition configuration.