Summary
Transitioning DMARC from 'none' to 'quarantine' for BIMI requires a strategic, phased approach. Experts and documentation emphasize the critical need for meticulous monitoring of DMARC reports to identify legitimate email sources, ensuring they are properly authenticated with SPF and DKIM. A gradual increase in the quarantine enforcement percentage is advised, starting with a small percentage and scaling up as confidence in the authentication setup grows. Employing DMARC reporting tools for visibility is also recommended. For a successful BIMI implementation, a 'quarantine' or 'reject' DMARC policy is mandatory, along with a valid VMC certificate. Seeking expert assistance is suggested, especially for those new to DMARC, to prevent deliverability issues.
Key findings
- BIMI Requirement: BIMI requires a DMARC policy of either 'quarantine' or 'reject'.
- Phased Transition: A phased approach—starting with 'none', moving to 'quarantine', and potentially to 'reject'—is recommended.
- Monitoring is Key: Careful monitoring of DMARC reports is crucial throughout the transition and beyond.
- SPF/DKIM Alignment: Ensuring proper SPF and DKIM alignment for all sending sources is essential.
- Reporting Tools: DMARC reporting tools provide crucial visibility into authentication results.
Key considerations
- Strategic Planning: The transition requires careful planning to avoid disrupting legitimate email flow.
- Gradual Enforcement: Gradually increase the quarantine percentage to minimize the risk of blocking legitimate emails.
- VMC Certificate: A valid VMC certificate is required for displaying your logo with BIMI.
- Expert Assistance: Consider seeking expert help if you lack experience with DMARC implementation.
- Regular Review: Regularly review DMARC reports and adapt the policy as needed to maintain email security and deliverability.
What email marketers say
9 marketer opinions
Transitioning DMARC records from 'none' to 'quarantine' for BIMI implementation is a multi-step process that requires careful planning and monitoring. The primary goal is to enhance email security and enable BIMI logo display without disrupting legitimate email flow. Experts recommend a phased approach, starting with thorough analysis of DMARC reports to identify and authenticate all legitimate email sources using SPF and DKIM. Continuous monitoring of DMARC reports and gradual increases in the quarantine policy enforcement are crucial to prevent deliverability issues. Several experts suggest using DMARC reporting tools to gain visibility into authentication results and consider professional help if unsure.
Key opinions
- Phased Approach: A phased approach, moving gradually from 'none' to 'quarantine', is essential for a smooth transition.
- DMARC Reports Analysis: Thorough analysis of DMARC reports is critical to identify and authenticate all legitimate email sources before implementing 'quarantine'.
- SPF/DKIM Alignment: Ensuring proper alignment of SPF and DKIM records for all email sources is necessary to avoid false positives.
- BIMI Requirement: A DMARC policy of 'quarantine' or 'reject' is a prerequisite for BIMI implementation.
- VMC Certificate: A valid VMC certificate verifying your logo is needed for BIMI to display your logo.
Key considerations
- Monitoring: Continuous monitoring of DMARC reports is essential to detect and address any deliverability issues during and after the transition.
- Reporting Tools: Utilizing DMARC reporting tools provides visibility into authentication results and helps track the impact of policy changes.
- Gradual Enforcement: Gradually increasing the enforcement percentage of the 'quarantine' policy allows for controlled testing and minimizes the risk of blocking legitimate emails.
- Professional Help: Seeking assistance from email authentication experts can be beneficial, especially for those unfamiliar with DMARC implementation.
- Testing: It is important to test BIMI implementation before making the DMARC policy live to ensure the correct implementation.
Marketer view
Email marketer from Mailhardener's Blog explains that BIMI helps display your logo in email inboxes, you'll need a DMARC policy set to either quarantine or reject. Make sure to have a valid VMC certificate, which verifies your logo. They emphasize monitoring DMARC reports to prevent deliverability issues.
22 Mar 2022 - Mailhardener Blog
Marketer view
Email marketer from EmailSecuritySPF Forum shares that switching to a 'quarantine' policy requires careful monitoring. It's important to use a DMARC reporting tool to get visibility into email authentication results. The marketer suggests gradually increasing the enforcement percentage (e.g., start with 10% quarantine) and monitoring the impact on deliverability.
17 Feb 2024 - EmailSecuritySPF Forum
What the experts say
2 expert opinions
Experts highlight the importance of a well-planned transition from a DMARC 'none' policy to 'quarantine' for BIMI implementation. They advise careful monitoring of DMARC reports, gradual increases in the quarantine percentage, and verifying SPF and DKIM records. They also recommend using tools to identify email sources and ensure a smooth transition.
Key opinions
- Monitoring Importance: Careful monitoring of DMARC reports is critical during the transition to 'quarantine'.
- Gradual Increase: Starting with a small quarantine percentage and gradually increasing it is recommended.
- SPF/DKIM Verification: Checking both SPF and DKIM records is essential for proper email authentication.
- Tool Usage: DMARC monitoring tools are helpful for identifying email sources.
Key considerations
- Planning: The transition from 'none' to 'quarantine' should be carefully planned.
- Authentication Setup: Ensure confidence in your email authentication setup before increasing the quarantine percentage.
- BIMI Requirement: BIMI requires a DMARC quarantine or reject policy, making the transition necessary.
Expert view
Expert from SpamResource emphasizes the importance of careful monitoring of DMARC reports when transitioning from 'none' to 'quarantine'. They advise starting with a small percentage of quarantine and gradually increasing it as you gain confidence in your email authentication setup. It's also important to remember to check both SPF and DKIM records.
15 Dec 2021 - SpamResource
Expert view
Expert from Word to the Wise highlights that while BIMI requires a DMARC quarantine or reject policy, the transition to a more restrictive policy from 'none' needs to be carefully planned. They suggest that users should use a tool like the WtW DMARC monitoring tool in order to know what sources are sending emails.
4 Dec 2024 - Word to the Wise
What the documentation says
4 technical articles
Documentation emphasizes that changing DMARC to 'quarantine' is a crucial step for BIMI eligibility and email security. This policy instructs recipient servers to place failing emails in spam, acting as a middle ground. A phased approach is advised: start with monitoring under a 'none' policy, gradually transition to 'quarantine', and eventually to 'reject'. Continuous monitoring of DMARC reports is essential throughout to identify and fix authentication issues and prevent unintended quarantining of legitimate emails.
Key findings
- BIMI Requirement: BIMI requires a DMARC policy of 'quarantine' or 'reject'.
- Phased Approach: A phased approach (none -> quarantine -> reject) is recommended for DMARC implementation.
- Quarantine Function: 'Quarantine' places failing emails in the spam folder.
- Email Security: Moving from 'none' to 'quarantine' helps protect against phishing and spoofing.
Key considerations
- Monitoring: Continuous monitoring of DMARC reports is essential to identify authentication issues.
- Gradual Enforcement: Gradually increase policy enforcement to avoid unintended quarantining of legitimate emails.
- Authentication Issues: Identify and fix authentication issues before enforcing stricter policies.
Technical article
Documentation from Bimigroup.org states that to be eligible for BIMI, a domain must have DMARC set up with either a 'quarantine' or 'reject' policy. This ensures that only authenticated emails can display the brand's logo in supporting email clients. The guide also recommends monitoring DMARC reports and gradually increasing the policy enforcement.
1 Apr 2022 - Bimigroup.org
Technical article
Documentation from dmarcian.com advises a phased approach to implementing a DMARC quarantine policy. Start by monitoring DMARC reports with a 'none' policy, then gradually move to 'quarantine', and eventually 'reject'. This allows you to identify and fix any authentication issues before enforcing stricter policies.
19 Feb 2025 - dmarcian.com
Are DMARC RUA and RUF tags mandatory for compliance and what are their benefits?
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do I need a VMC for BIMI to work with Google and Gmail?
Does implementing DMARC improve email deliverability and is DMARC p=none policy useful?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I properly set up DMARC records and reporting for email authentication?
