Introduction to DMARC and the p=quarantine Policy

DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489, is an email authentication protocol. It builds upon SPF and DKIM to provide domain owners with the ability to protect their domain from unauthorized use. DMARC enables senders to specify how receiving mail servers should handle unauthenticated emails originating from their domain. It also provides a mechanism for receiving servers to report back to the domain owner about authentication results.
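How a receiver reads the handling a domain asks for, as an added example that is not part of the original page. The function names and sample records are constructed for illustration; the record location (a DNS TXT record at _dmarc.<domain>), the `pct` tag, the `rua` fallback and the `reject` policy come from RFC 7489 and go slightly beyond what this page describes. The `roll` argument stands in for a receiver's random sampling so the result is repeatable.

```python
import re

# Policies a domain owner can request for mail that fails DMARC (RFC 7489).
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly DMARC1.
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def requested_policy(txt):
    """Policy the receiver should act on, or None when no DMARC processing applies."""
    tags = parse_dmarc(txt)
    if tags is None:
        return None
    policy = tags.get("p", "").lower()
    if policy in POLICIES:
        return policy
    # No valid p tag: fall back to monitoring only if a report address is published.
    if re.search(r"mailto:[^\s,!]+@[^\s,!]+", tags.get("rua", ""), re.I):
        return "none"
    return None

def disposition(txt, dmarc_pass, roll=0):
    """What a receiver does with one message; roll (0-99) stands in for pct sampling."""
    policy = requested_policy(txt)
    if dmarc_pass or policy in (None, "none"):
        return "deliver"  # no DMARC action; normal local filtering still applies
    tags = parse_dmarc(txt)
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if roll < pct:
        return policy
    # Not sampled by pct: apply the next lower policy.
    return "quarantine" if policy == "reject" else "deliver"

# Constructed sample records, as would be published at _dmarc.example.com
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
QUARANTINE = "v=DMARC1; p=quarantine; pct=50"
```

A record whose first tag is not `v=DMARC1`, or that has neither a valid `p` tag nor a usable `rua` address, yields `None`, meaning the receiver applies no DMARC processing at all.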

DMARC policies dictate the action receiving mail servers should take when an email fails DMARC authentication. The three primary policies are:

p=none: Monitor mode. Receiving servers take no action on failed messages but send reports. This is the initial deployment phase.

p=quarantine: Receiving servers should treat failed messages as suspicious. They are typically placed in the recipient's spam folder or flagged for further review.