Teaser only. This is not the full article. Complete policy guide with rollout timing and audit implications: DMARC Policy: None vs Quarantine vs Reject
p=none feels safe. It is monitor-only. Receivers still see spoofing attempts; they just will not act on your policy.
p=quarantine tells mailbox providers to treat failures as suspicious. p=reject tells them to block unauthenticated mail claiming your domain. SOC2, NIS2, and enterprise vendor forms in 2026 increasingly expect quarantine or reject, not endless p=none.
Your policy lives in one TXT record:
dig _dmarc.example.com TXT +short
Look for p=none, p=quarantine, or p=reject. The sp= tag governs subdomains separately.
In the full post on zerohook.org:
- What each policy does at Gmail, Outlook, and Yahoo
- When p=none is still acceptable (short answer: not long)
- pct= and gradual enforcement
- Compliance mapping (SOC2, NIS2, ISO)
Read the full guide: DMARC Policy: None vs Quarantine vs Reject
Top comments (0)