---
title: "DMARC policy explained: p=none, quarantine, reject | DuoCircle"
description: "Learn what DMARC"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/"
---

Quick Answer

DMARC has three policies that tell receiving servers how to handle mail that fails SPF and DKIM checks. p=none is monitoring only and does not block any mail; it is the right starting point for new domains, decentralized organizations with many sending teams, transactional mail using third-party services, and phased rollouts. p=quarantine sends failing mail to the spam folder, useful as a transition step, for organizations with complex email flows that produce false positives, for non-essential subdomains, for forwarding-heavy environments, and for high-volume senders. p=reject blocks failing mail outright and is the policy of choice for VIP and executive accounts, e-commerce and government domains targeted by impersonation, and finance or healthcare where any spoofed message is unacceptable. The progression p=none > p=quarantine > p=reject is the standard rollout path.

DMARC policy explained: p=none, quarantine, reject

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2024/11/DMARC-policy-guide-for-beginners.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc%2Fdmarc-policy-guide-for-beginners%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=DMARC%20policy%20explained%3A%20p%3Dnone%2C%20quarantine%2C%20reject&url=undefined%2Fblog%2Fdmarc%2Fdmarc-policy-guide-for-beginners%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc%2Fdmarc-policy-guide-for-beginners%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc%2Fdmarc-policy-guide-for-beginners%2F&title=DMARC%20policy%20explained%3A%20p%3Dnone%2C%20quarantine%2C%20reject "Share on Reddit") [ ](mailto:?subject=DMARC%20policy%20explained%3A%20p%3Dnone%2C%20quarantine%2C%20reject&body=Check out this article: undefined%2Fblog%2Fdmarc%2Fdmarc-policy-guide-for-beginners%2F "Share via Email") 

![DMARC policy](https://media.mailhop.org/duocircle/images/2024/11/spf-validator-7326.jpg) 

_With rapid digitization, email has become one of the most effective communication tools, both for business and corporate entities_. However, the matter of concern is that the same emails are a favorite avenue for [threat actors](https://www.infosecurity-magazine.com/news/us-israel-iran-new-tradecraft/) who exploit them to carry out [malicious attacks](https://www.darkreading.com/cyberattacks-data-breaches/more-than-30-of-all-malicious-attacks-target-shadow-apis), impersonate trusted brands, and spam naive users. This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) steps in! This is a robust email authentication protocol that can protect your domain as well as **email recipients** from the prying eyes of cybercriminals.

This guide explains **DMARC policies for beginners**, by the end of this article, you will know when to use which DMARC policy to get optimum protection from [phishing and spoofing](https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html). 

## DMARC- Basic definition

DMARC is a powerful email authentication protocol that verifies whether each email sent from your domain is completely legitimate. The ultimate goal of using DMARC is to prevent threat actors and unauthorized entities from sending malicious emails on your behalf. DMARC operates by **leveraging** **two existing protocols**: SPF (Sender Policy Framework) and [DKIM](/resources/what-is-dkim) (DomainKeys Identified Mail).

The job of DMARC is to ensure that:

1. [Illegitimate emails](https://www.linkedin.com/pulse/illegitimate-emails-protect-yourself-indigo-it-limited) are filtered out from **all the outgoing emails**.
2. The domain owner gets to decide what happens to the unauthenticated emails (whether they are sent to spam, simply rejected, or no action is taken against them).

**DMARC implementation protects** your domain from any kind of misuse and helps build trust among your **email recipients**.

## DMARC policy explained

[DMARC policy](/resources/dmarc-policy) is basically a set of instructions that you pass on to the receiving servers on how to **treat unauthenticated emails** sent from your domain. A domain owner gets three major policies to choose from: [none, quarantine, or reject](/dmarc/use-cases-for-none-quarantine-and-reject-policy-in-dmarc/). 

### None policy

Also known as the **monitoring policy, p=none** does not intercept unauthorized emails sent on behalf of your domain. The common notion is that p=none is an inefficient or useless DMARC policy. However, the fact is that p=none can prove to be beneficial in specific cases. 

The ‘none’ policy is suitable for:

#### New domains

[![email servers](https://media.mailhop.org/duocircle/images/2024/11/spf-record-generator-7395.jpg)](https://media.mailhop.org/duocircle/images/2024/11/spf-record-generator-7395.jpg)

_If your domain is new, then starting with the ‘none’ policy helps you closely monitor the performance of the emails_. The policy will simply gather data around l**egitimate IP addresses** and [email servers](https://www.one.com/en/email/what-is-an-email-server) that are allowed to send emails from your domain.

#### Businesses that have multiple teams, channels, or units

If yours is a **large company or business** with a decentralized email flow, multiple teams, and departments, p=none is the way to go. The policy will help you keep a tab on [email communications](https://www.tidio.com/blog/email-communication/) across multiple departments at the same time.

#### Maintaining or enhancing the deliverability rate for domains that use transactional emails

The ‘none’ policy is also suitable for domains or subdomains that **send transactional emails** and use [third-party vendors](https://www.upguard.com/blog/third-party-vendor#:~:text=A%20third-party), such as marketing platforms or [CRM systems](https://www.salesforce.com/eu/crm/what-is-crm/crm-systems/). 

#### Testing DMARC’s impact on both internal and external emails

_The ‘none’ policy enables you to check how DMARC is impacting the external and internal emails that are being sent from your domain_. At times, you may have to test the effect of DMARC on the internal and external emails separately. The p=none policy enables you to check things separately without **hampering the functioning** of either type of email.

#### Domains that are used for public interactions or high-volume communications

info@domains and **notifications-based domains** should also use the ‘none’ policy, as this allows them to evaluate the IP addresses and sources that communicate with the public-facing addresses. Analyzing them closely enables you to enforce reject or quarantine policy later on.

#### Phased DMARC transition

Rushing the transition from ‘none’ to ‘quarantine’ and then to ‘reject’ can affect the **email flow and disrupt their deliverability**. It is, therefore, advised to stick to p=none in order to determine and fix the issues.

### Quarantine policy

Stricter than the ‘none’ policy, but lenient as compared to the ‘reject’ policy, p=quarantine is the DMARC policy that instructs the **recipient servers** to deliver the unauthorized emails to the [spam folders](https://cybernews.com/news/microsofts-breach-notification-emails-end-up-in-spam-folder/). The [suspicious emails](https://finance.yahoo.com/news/american-retailers-leave-consumers-exposed-181200283.html) land in the spam folders instead of getting completely rejected. It offers a greater degree of protection to your domain than the p=none policy. _At the same time, it also minimizes the chances of important/legitimate emails getting outright rejected_. 

Here are the situations where you should use p=quarantine policy:

#### Gradual transition from ‘none’ to ‘reject’

_The p=quarantine policy bridges the gap between ‘none’ and ‘reject’ policies. It’s great to shift to ‘quarantine’ from ‘none’ and then move to ‘reject’ finally_. This phased transition enables domain owners to identify the actual **non-compliant senders** and fix the issue accordingly.

#### To minimize cases of false positives

Organizations with complex [email flow](https://blog.embertribe.com/email-marketing/understanding-email-flow-a-comprehensive-guide-for-beginners) setups should go for the ‘quarantine’ policy. Different units and departments may lead to mismatched [SPF](/resources/what-is-spf) and **DKIM setups**. The ‘quarantine’ policy enables you to identify the emails that fail to pass DMARC tests. 

#### To safeguard your non-essential subdomains

Non-essential subdomains are among the threat actors’ prime targets. _Domain owners often ignore their safety since they are non-essential_. However, enforcing p=quarantine can be helpful in this case. With the quarantine policy, it becomes more convenient to **identify non-compliant messages** without affecting [email deliverability](/a-guide-on-email-deliverability).

#### Internal domain forwarding issues

Domains that **involve multiple internal** [email forwarding](https://en.wikipedia.org/wiki/Email%5Fforwarding) or routing may fail the DMARC test because of their non-alignment with either SPF or DKIM. In such cases, the ‘quarantine’ policy comes in handy. It serves as an intermediary and helps you analyze the situation without rejecting the emails.’

#### High-volume email environment

If your domain sends out **high-volume emails** such as automated notifications or customer service systems, then it is advisable to use p=quarantine. The high volume of data offers accurate insights based on which the domain owner can eventually transition to p=reject.

### Reject policy

The ‘reject’ policy instructs the **recipient servers** to entirely reject the unauthorized emails that are sent from your domain. It is a stringent [DMARC](/resources/what-is-dmarc) policy used by a few domain owners since no one wishes to risk their [legitimate emails](https://www.trendmicro.com/vinfo/us/security/definition/legitimate-bulk-emails) being rejected.

Below-given are the **use cases for p=reject**:

#### VIP email addresses

_VIPs and executives are impersonated quite often by threat actors in order to trick clients, shareholders, and employees into making significant financial transactions_. That’s why **enforcing p=reject** will be a suitable choice to disrupt the malicious intentions of threat actors.

[![Malicious Intentions](https://media.mailhop.org/duocircle/images/2024/11/email-migration-service-3.jpg)](https://media.mailhop.org/duocircle/images/2024/11/email-migration-service-3.jpg)

#### E-commerce giants, government entities, and high-value brands

People generally consider such sectors to be highly credible. That’s exactly why threat actors try to impersonate the same and send out unauthorized emails from such domains. Therefore, these types of **high-value domains** stick to p=reject in order to eliminate the malicious intentions of threat actors. 

#### The finance sector and high-security industries

These industries often serve as a treasure trove of [sensitive data](https://thecyberexpress.com/us-rule-on-threats-exploiting-sensitive-data/). That’s exactly why they don’t take any risk and **stick to p=reject** in order to amplify their [email security](/). 

## Wrapping up!

[Email authentication](/resources/email-authentication) is the need of the hour, given the increasing instances of cyberattacks across the globe. _This elaborate guide around DMARC policy will help you simplify your email authentication journey in easy yet impactful stages_. Choose the **right policy and protect** your email communication system like a pro.

## Topics

DKIMDMARCemail securityspfUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  DMARC 6m  A guide to detecting DMARC problems using the pentesting techniques  Oct 3, 2024 ](/blog/dmarc/a-guide-to-detecting-dmarc-problems-using-the-pentesting-techniques/)[  DMARC 6m  How are DMARC enforcement and DMARC reporting different?  Dec 5, 2024 ](/blog/dmarc/how-are-dmarc-enforcement-and-dmarc-reporting-different/)[  DMARC 6m  How to become a DMARC expert: a 6-step learning path  Sep 24, 2024 ](/blog/dmarc/a-detailed-guide-on-becoming-a-dmarc-expert/)[  DMARC 6m  Avoiding common BIMI pitfalls: What goes wrong and how to fix it  Jun 24, 2025 ](/blog/dmarc/avoiding-bimi-pitfalls-common-errors-and-how-to-fix-them/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMARC policy explained: p=none, quarantine, reject","description":"Learn what DMARC's three policies (p=none, quarantine, reject) actually do, when to use each, and how to roll out a safe DMARC deployment step by step.","url":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/","datePublished":"2024-11-22T18:52:05.000Z","dateModified":"2025-04-23T15:32:15.000Z","dateCreated":"2024-11-22T18:52:05.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, email security, spf, Updates","wordCount":1186,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/11/spf-validator-7326.jpg","caption":"DMARC policy","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"DMARC"},{"@type":"ListItem","position":3,"name":"DMARC policy explained: p=none, quarantine, reject","item":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"DMARC","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"DMARC policy explained: p=none, quarantine, reject","item":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMARC policy explained: p=none, quarantine, reject","description":"Learn what DMARC's three policies (p=none, quarantine, reject) actually do, when to use each, and how to roll out a safe DMARC deployment step by step.","url":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/","datePublished":"2024-11-22T18:52:05.000Z","dateModified":"2025-04-23T15:32:15.000Z","dateCreated":"2024-11-22T18:52:05.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/dmarc-policy-guide-for-beginners/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, email security, spf, Updates","wordCount":1186,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/11/spf-validator-7326.jpg","caption":"DMARC policy","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```