---
title: "How to fix the “DMARC policy not enabled” error- Everything you need to know! | DuoCircle"
description: "How to fix the “DMARC policy not enabled” error- Everything you need to know!"
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/"
---

Quick Answer

The "DMARC policy not enabled" error means your domain has a DMARC record published but no valid p= tag, so receiving servers have no instruction for handling unauthenticated mail. Fix it by adding one of three policies to your DMARC TXT record: p=none (monitor only, no enforcement, used during initial deployment to collect aggregate reports), p=quarantine (route failing mail to spam), or p=reject (refuse failing mail at the SMTP layer). Start at p=none, review aggregate reports for at least a few weeks to confirm legitimate senders are passing SPF or DKIM with alignment, then move to p=quarantine, then p=reject. The record format is v=DMARC1; p=; rua=mailto:reports@yourdomain.com published at \_dmarc.yourdomain.com. Without an enforcement policy, DMARC offers no protection against spoofing. 

How to fix the “DMARC policy not enabled” error- Everything you need to know!

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/07/How-to-fix-the-DMARC-policy-not-enabled-error-Everything-you-need-to-know.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc%2Fhow-to-fix-dmarc-policy-not-enabled-error-complete-guide%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=How%20to%20fix%20the%20%E2%80%9CDMARC%20policy%20not%20enabled%E2%80%9D%20error-%20Everything%20you%20need%20to%20know!&url=undefined%2Fblog%2Fdmarc%2Fhow-to-fix-dmarc-policy-not-enabled-error-complete-guide%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc%2Fhow-to-fix-dmarc-policy-not-enabled-error-complete-guide%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc%2Fhow-to-fix-dmarc-policy-not-enabled-error-complete-guide%2F&title=How%20to%20fix%20the%20%E2%80%9CDMARC%20policy%20not%20enabled%E2%80%9D%20error-%20Everything%20you%20need%20to%20know! "Share on Reddit") [ ](mailto:?subject=How%20to%20fix%20the%20%E2%80%9CDMARC%20policy%20not%20enabled%E2%80%9D%20error-%20Everything%20you%20need%20to%20know!&body=Check out this article: undefined%2Fblog%2Fdmarc%2Fhow-to-fix-dmarc-policy-not-enabled-error-complete-guide%2F "Share via Email") 

![DMARC policy](https://media.mailhop.org/duocircle/images/2025/07/dmarc-report-service-9034.jpg) 

If you have stumbled upon this blog, then it is highly likely that you are dealing with the issue of the “DMARC policy not enabled” error. You get this message when your domain has a [DMARC record](/resources/dmarc-records), but there is no valid policy to define it. A DMARC record makes no sense without a DMARC policy. It’s like having a **front desk guard** in your building who smiles and nods, even when strangers walk in. Hence, the moment this message appears, you must understand that your email system is no longer protected against phishing and [spoofing attacks](https://www.infosecurity-magazine.com/news/infosec2025-email-domains-spoofing/).

With this simple and elaborate guide, you can set up the apt [DMARC policy](/dmarc/using-the-right-dmarc-policy-in-2025-a-guide/) (p=none, p=quarantine, or p=reject) for your domain. **Let’s get started**!

## Here’s how to define the right policy for your DMARC record!

The first step towards eliminating the “DMARC policy not enabled error” is to learn what purpose each policy serves and which one is the most suitable for your email system. 

[![ emails sent ](https://media.mailhop.org/duocircle/images/2025/07/spf-record-tester-4321.jpg)](https://media.mailhop.org/duocircle/images/2025/07/spf-record-tester-4321.jpg)

### None policy

_The p=none policy offers zero protection against email phishing and spoofing attempts. Yet it can be one of the most effective policies for your domain_. The primary objective of this policy is to monitor your email activities. That’s why it is also known as the “**monitoring” policy**. It instructs the recipient email servers to take no action against unauthenticated emails sent on your behalf. 

This monitoring policy proves helpful when you have just deployed the DMARC protocol. Its lenient nature enables domain owners to evaluate the [email traffic](https://emailanalytics.com/email-traffic/) through the DMARC reports and detect potential phishing or spoofing attempts (if any), without disrupting email deliverability. 

### Quarantine policy

The ‘p=quarantine’ policy instructs the recipient email server to handle the unauthenticated emails with proper vigilance. The quarantine policy is a step ahead of the p=none policy and is considered to be stricter as it instructs the receiving email servers to place the unauthorized emails in [spam folders](https://cybernews.com/news/microsofts-breach-notification-emails-end-up-in-spam-folder/). This not only **safeguards the recipients** from potential malicious emails, but also helps the domain owner with further details around the misuse of their domains by [threat actors](https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html).

[![Threat Actors Misuse Domains](https://media.mailhop.org/duocircle/images/2025/07/windows-smtp-service-8945.jpg)](https://media.mailhop.org/duocircle/images/2025/07/windows-smtp-service-8945.jpg)

### Reject policy

The p= reject policy is the strictest and most effective one that offers **fool-proof protection** against potential phishing or spoofing attacks. When this policy is deployed, the recipient [mail server](https://www.techtarget.com/whatis/definition/mail-server-mail-transfer-transport-agent-MTA-mail-router-Internet-mailer) is instructed to reject the unauthenticated emails straightaway. This means that any email that fails the authentication check will not reach the recipient’s inbox or spam folder. 

_But there’s a downside to implementing the reject policy. In the case of false positives, even legitimate emails can be rejected_. That’s precisely why one must apply this policy only at a later stage when they are completely confident about the email activities. 

[![spam folder](https://media.mailhop.org/duocircle/images/2025/07/spf-validator-4321.jpg)](https://media.mailhop.org/duocircle/images/2025/07/spf-validator-4321.jpg)

## Publish/republish the DMARC record with the appropriate policy

Now that you know the purposes served by each policy, choose the one that is most suitable for your domain. Next, publish or republish the DMARC report with the policy selected as per your domain requirements. In case you do not have a DMARC record, then use an **online generator tool** to produce and then publish it in your domain’s DNS. However, if you already have a DMARC record, you simply need to include the correct policy (p=none, p=quarantine, or p=reject). Once you are done, you can simply republish the DMARC record.

If there is no policy tag, be aware that the DMARC setup is incomplete and serves no purpose, as it cannot protect your email system from potential [threat attacks](https://www.cybersecuritydive.com/news/iran-cyberattacks-warning-us-government-israel-war/751963/), such as phishing and spoofing. In the absence of a policy, the recipient’s email servers are not receiving any instructions on **how to handle** an unauthenticated email.

Once you have added the correct policy, it will automatically resolve the “DMARC policy not enabled” error message. 

[![error message. ](https://media.mailhop.org/duocircle/images/2025/07/spf-permerror-4321.jpg)](https://media.mailhop.org/duocircle/images/2025/07/spf-permerror-4321.jpg)

## How to resolve the “DMARC quarantine/reject policy not enabled” error?

If you come across **pop-up messages** like “DMARC Quarantine/Reject policy not enabled,” “DMARC policy not enabled,” or “ No DMARC protection,” there’s nothing to worry. All you need to do is select the appropriate policy for the DMARC record to prevent [malicious emails](https://www.securitymagazine.com/articles/100687-the-last-six-months-shows-a-341-increase-in-malicious-emails) from being delivered to recipients.

If you are new to DMARC and have recently deployed it, the best approach is to opt for the “None” policy. This policy enables you to silently observe and monitor email traffic without disrupting the email deliverability. Also, a new domain or [DMARC](https://dmarcreport.com/what-is-dmarc/) record can easily experience instances of false negatives or false positives. _By implementing p=none policy, you can easily detect unauthorized users of your domain, as well as understand whether you have missed out on enlisting genuine senders in your SPF record_.

You can then shift to the “**Quarantine” policy** after three to four weeks of close monitoring. Once you are well-versed in your DMARC setup, you can then move to “Reject” policy. 

## What’s the right way to shift from p=quarantine to p=reject policy?

If you plan to transition from quarantine to reject policy without a strategy, it can significantly impact your [email deliverability](/a-guide-on-email-deliverability). Here’s how you can plan the transition smoothly:

### Monitor your DMARC reports regularly

Study the aggregate DMARC reports to determine whether unauthorized senders are involved or if there are instances of false positives. It also helps you spot IP addresses that you might have missed adding to the [SPF record](/content/spf-records).

### Keep an eye on authentication gaps

Ensure that [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) and DKIM protocols are configured correctly. Check for SPF updates and [DKIM signatures](https://docs.mapp.com/docs/dkim-signature) to avoid failed authentication checks.

### Use the “percentage” tag gradually

The “percentage” tag can be strategically used to allow the p=reject policy to be applied to a **specific percentage of outgoing emails**.

[![outgoing emails ](https://media.mailhop.org/duocircle/images/2025/07/sendgrid-alternative-3456.jpg)](https://media.mailhop.org/duocircle/images/2025/07/sendgrid-alternative-3456.jpg)

### Keep tracking your email traffic even after shifting to p=reject policy

Transitioning to reject policy doesn’t mean that you stop evaluating the [DMARC reports](/content/dmarc-report). _Review them regularly to ensure that no legitimate emails are blocked unnecessarily_.

**Regular monitoring** and a thorough understanding of DMARC policies will help you resolve the “DMARC policy not enabled” error efficiently. If you still need help, feel free to reach out to the experts at [DuoCircle](/) for professional guidance.

## Topics

DKIMDMARCspfSPF record 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  DMARC 6m  How to become a DMARC expert: a 6-step learning path  Sep 24, 2024 ](/blog/dmarc/a-detailed-guide-on-becoming-a-dmarc-expert/)[  DMARC 7m  Cloudflare’s new SPF, DKIM, and DMARC requirements  Jul 18, 2025 ](/blog/dmarc/cloudflares-new-spf-dkim-and-dmarc-requirements/)[  DMARC 5m  Configuring SPF, DKIM, and DMARC for Loops.so: A guide  Oct 28, 2025 ](/blog/dmarc/configuring-spf-dkim-and-dmarc-for-loops-so-a-guide/)[  DMARC 6m  Dealing with DMARC failures: Here’s how you can fix the errors  Apr 4, 2025 ](/blog/dmarc/dealing-with-dmarc-failures-how-to-fix-errors/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","description":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","url":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/","datePublished":"2025-07-25T21:58:37.000Z","dateModified":"2025-07-25T22:02:22.000Z","dateCreated":"2025-07-25T21:58:37.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, spf, SPF record","wordCount":1022,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/07/dmarc-report-service-9034.jpg","caption":"DMARC policy","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"DMARC"},{"@type":"ListItem","position":3,"name":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","item":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"DMARC","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","item":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","description":"How to fix the “DMARC policy not enabled” error- Everything you need to know!","url":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/","datePublished":"2025-07-25T21:58:37.000Z","dateModified":"2025-07-25T22:02:22.000Z","dateCreated":"2025-07-25T21:58:37.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/dmarc/how-to-fix-dmarc-policy-not-enabled-error-complete-guide/"},"articleSection":"dmarc","keywords":"DKIM, DMARC, spf, SPF record","wordCount":1022,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/07/dmarc-report-service-9034.jpg","caption":"DMARC policy","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```