The DMARC TXT record outlines your policy which essentially tells receivers how to treat emails coming from you and emails that appear to come from you but are not authorised.

By default the policy applies to emails from the domain you have specified and any subdomains as well. If you require a different policy for your subdomains then separate DMARC records have to be configured for them.

The DMARC policy can be in one of three states:

p=none (reporting mode ie. receivers will only send back reports to you. During this stage you do not need to have SPF or DKIM setup as it is only reporting)

p=quarantine (quarantine emails that fail SPF and DKIM)

p=reject (reject emails that fail SPF and DKIM)

In theory everyone should go through the three states in the order they appear above. Here is some reasons why. 

You would start with p=none in order to collect reports regarding your emails and the origin of those emails. This is where you will be able to see the sources that send on your behalf as you may not necessarily be the only one sending emails from your domain, a third-party could also be sending on your behalf. This stage will give you visibility into your mail flow.

Once you have identified your sources you can move onto p=quarantine which will essentially tell receivers to quarantine any emails that fail SPF or DKIM checks. During this stage you can see if any legitimate emails are being quarantined or not and tweak your SPF or DKIM accordingly. 

The final stage is p=reject where you are sure that you have identified all your legitimate sources of emails and that anything or anyone else sending on your behalf should be rejected. 

In addition, for p=quarantine and p=reject you can specify the amount of emails that should have these policies applied in terms of percentage using the “pct=” tag in the record. For example when you decide to mode to p=quarantine you can specify that you want this policy to apply to only 20% of emails (pct=20). You can slowly increase this number until you are ready for p=reject. During the p=reject stage you can again specify that you would like to reject only 50% of emails and increase this number until you reach pct=100. The goal for everyone implementing DMARC is to reach p=reject pct=100.

Did this answer your question?