Now that you are very close to or ready to protect your domain, you have a few different options that you could go for in terms of your DMARC policy.

Basically, there are 3 policies to be aware of and percentages which range from 0 to 100 as shown below,:

- p=none pct=100 - it asks the recipients to NOT apply any policy to 100% of the emails that fail DMARC. This is the initial starting point, also called reporting-only mode.

- p=quarantined pct=100 - it asks recipients to quarantine / send to spam 100% of the emails that fail DMARC

- p=reject pct=100 - it asks recipients to reject / drop 100% of the emails that fail DMARC. This is the end goal, to reject 100% of the emails that fail DMARC. NOTE: Rejected emails cannot be retrieved.

The above policies and percentages allow you to have some flexibility and take slower approach to reaching the end goal of p=reject pct=100.

Keeping the above in mind, if you wanted to minimize the impact and have some risk management, you can decide to go for a quarantine policy first and even specify 50% (example p=quarantine pct=50). This means that you are asking your recipients to quarantine 50% of the emails that fail DMARC and apply nothing to the other 50%. You can run in this mode for let's say a week and if there are no issues / complaints you can decide to go to p=quarantine pct=100 the week after that. Then you can go to p=reject pct=50 which asks recipients to reject 50% of the emails and quarantine the other 50% (apply the next policy down). Finally, reaching p=reject pct=100.

Coming up with the next best policy is important and depends on your specific scenario. There is not one policy that fits all, it depends on your current DMARC compliance and status across the whole of your domain. Therefore, please speak to a member of our team or your dedicated Customer Success Engineer if you need a hand deciding what DMARC policy to go for.

To sing up to OnDMARC and gain visibility into your domain follow the button below.


Did this answer your question?