Suped

When will Gmail update their DMARC policy to quarantine?

Matthew Whittaker
Co-founder & CTO, Suped
Published 19 Jun 2025
Updated 17 Aug 2025
The question of when Gmail will update its DMARC policy to `p=quarantine` for its primary domain, gmail.com, is a hot topic among email senders and deliverability professionals. Many anticipated a significant shift, especially following the major changes implemented in February 2024. However, it's important to understand the nuances of Google's DMARC strategy and distinguish between their requirements for senders and their own domain's policy.
While Google and Yahoo mandated DMARC authentication for bulk senders starting February 2024, this move was about ensuring that emails *sent to* their users were authenticated, not about gmail.com itself moving to a stricter DMARC enforcement for its outbound mail. The current policy for the gmail.com primary domain remains at `p=none`.
This distinction is crucial for anyone managing email deliverability. A `p=none` policy means that if an email claiming to be from gmail.com fails authentication, it will still be delivered, though DMARC reports will be generated. This differs significantly from a `p=quarantine` policy, which would instruct recipient mail servers to place unauthenticated emails in the spam or junk folder.

Understanding Gmail's current DMARC policy

The current DMARC record for gmail.com reveals its posture. It's set to `p=none`, meaning that emails failing authentication are not quarantined or rejected by default. However, it also includes `sp=quarantine`, which means that emails from subdomains of gmail.com (e.g., mail.gmail.com) that fail DMARC would be quarantined.
Gmail.com's DMARC record:

```
v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com;
```
This `sp=quarantine` for subdomains is a common setup, but the continued `p=none` for the primary domain indicates a cautious approach. Google's primary concern with their recent updates (starting February 2024) has been to encourage other senders to adopt stronger authentication, particularly those sending bulk emails to Gmail and Yahoo accounts. This helps protect their users from spam, phishing, and spoofing attempts.
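How the `p` and `sp` tags in the record above resolve for gmail.com and for a subdomain, as an added example that is not part of the original article. The function names are illustrative, and the code assumes the subdomain publishes no DMARC record of its own.

```python
# Added example (not from the original article): DMARC record parsing and
# policy resolution for a domain versus its subdomains.

GMAIL_RECORD = "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com;"
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tag/value pairs and validate v, p and sp."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # e.g. the empty piece after a trailing ';'
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    for tag in ("p", "sp"):
        if tag in tags:
            tags[tag] = tags[tag].lower()
            if tags[tag] not in POLICIES:
                raise ValueError(f"invalid {tag}= value: {tags[tag]!r}")
    if "p" not in tags:
        raise ValueError("missing p= tag (required for policy records)")
    return tags


def effective_policy(tags: dict, record_domain: str, from_domain: str) -> str:
    """Policy requested for from_domain by the record published at record_domain.

    Assumption: from_domain has no DMARC record of its own, so receivers fall
    back to the record at the organizational domain (record_domain here).
    """
    record_domain = record_domain.lower().rstrip(".")
    from_domain = from_domain.lower().rstrip(".")
    if from_domain == record_domain:
        return tags["p"]
    if from_domain.endswith("." + record_domain):
        return tags.get("sp", tags["p"])  # sp is optional and defaults to p
    raise ValueError(f"{from_domain} is not covered by {record_domain}")


if __name__ == "__main__":
    tags = parse_dmarc(GMAIL_RECORD)
    for domain in ("gmail.com", "mail.gmail.com"):
        print(domain, "->", effective_policy(tags, "gmail.com", domain))
```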
For your own domain, transitioning your DMARC policy from `p=none` to `p=quarantine` or `p=reject` is a recommended best practice. This gradual progression allows you to monitor DMARC reports, identify legitimate email streams that might be failing authentication, and fix any issues before a stricter policy impacts your deliverability. Many resources explain the benefits of moving to a stronger DMARC policy.

The February 2024 changes: who they impacted

The February 2024 changes primarily focused on senders *to* Gmail and Yahoo users. These changes required bulk senders (those sending more than 5,000 emails per day) to implement SPF, DKIM, and DMARC authentication. They also emphasized the need for proper DMARC alignment and easy unsubscription mechanisms. This was a significant shift aimed at reducing unsolicited email and improving overall email ecosystem security and trustworthiness.
Many senders initially confused these requirements with gmail.com itself moving to `p=quarantine`. This is a common misunderstanding. The intent of the 2024 updates was to push *other domains* to adopt stronger authentication, thereby reducing the volume of unauthenticated mail targeting Google and Yahoo inboxes. The policies for `gmail.com` as a sending domain operate independently of these general sender requirements.

February 2024 requirements for senders

  1. Authentication standards: Required SPF, DKIM, and DMARC for bulk senders.
  2. Ease of unsubscription: One-click unsubscribe headers were mandated for marketing mail.
  3. Spam rate thresholds: Senders must maintain a spam rate below 0.3%.

Gmail.com's DMARC policy

  1. Primary domain policy: Currently `p=none` for gmail.com itself.
  2. Subdomain policy: `sp=quarantine` for subdomains of gmail.com.
  3. Future updates: No announced timeline for `p=quarantine` on the primary domain.
For email marketers and businesses, it's critical to focus on your own domain's DMARC implementation and ensure compliance with Gmail and Yahoo's new requirements. If you're using an ESP to send emails on behalf of a gmail.com address, these messages are unlikely to align with Gmail's DMARC, leading to potential deliverability issues.

Why the delay? The complexities of a global policy change

The transition from `p=none` to `p=quarantine` for a domain as large and widely used as gmail.com would be a monumental undertaking. It involves significant risks, as any misconfiguration could lead to a massive volume of legitimate emails being sent to spam (or even rejected) globally. This is why major email providers like Microsoft, Gmail, and Yahoo typically adopt a very cautious, phased approach to such changes.
One key factor influencing this decision is the widespread use of gmail.com addresses by individuals and businesses sending emails through third-party services (ESPs). If gmail.com were to move to `p=quarantine`, many of these legitimate emails would fail DMARC alignment, as the ESP's sending infrastructure would not align with gmail.com's SPF or DKIM records. While Gmail has already begun rejecting unauthenticated emails from `gmail.com` when sent via some third parties like Sendgrid, a full `p=quarantine` across the board would be much broader in its impact.
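The alignment failure described above, as an added example that is not part of the original article. `esp.example` is a placeholder ESP domain, both messages are constructed, and the two-label organizational-domain shortcut is a simplification of the Public Suffix List lookup that real receivers perform.

```python
# Added example (not from the original article): DMARC identifier alignment
# for a message whose From: address is at gmail.com.

def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    Assumption for this example only; receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    """Relaxed alignment compares organizational domains; strict needs an exact match."""
    if strict:
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_result(from_domain, spf, dkim_signatures):
    """spf is (result, envelope_from_domain); dkim_signatures is [(result, d_domain), ...].
    DMARC passes if either mechanism passes AND its domain aligns with From:."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = any(r == "pass" and aligned(d, from_domain) for r, d in dkim_signatures)
    return "pass" if spf_ok or dkim_ok else "fail"


def requested_disposition(result: str, policy: str) -> str:
    """What the domain owner's policy asks the receiver to do with this message."""
    return "none" if result == "pass" else policy


# Constructed messages; esp.example is a placeholder ESP domain.
VIA_ESP = dict(from_domain="gmail.com",
               spf=("pass", "bounces.esp.example"),
               dkim_signatures=[("pass", "esp.example")])
VIA_GMAIL = dict(from_domain="gmail.com",
                 spf=("pass", "gmail.com"),
                 dkim_signatures=[("pass", "gmail.com")])

if __name__ == "__main__":
    for name, msg in (("via ESP", VIA_ESP), ("via Gmail", VIA_GMAIL)):
        result = dmarc_result(**msg)
        for policy in ("none", "quarantine"):
            print(name, result, policy, "->", requested_disposition(result, policy))
```

The ESP message authenticates cleanly for the ESP's own domains and still fails DMARC, because neither authenticated domain matches the From: domain.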
I believe that before Google moves gmail.com to a stricter `p=quarantine` policy, they will look for significant milestones to be achieved, particularly a substantial reduction in the amount of ESP-sent mail that uses gmail.com in the From address. This would minimize the disruption to legitimate email flows for end-users.

The outlook for senders: prepare your own domains

While a definitive date for gmail.com to move to a `p=quarantine` DMARC policy remains unannounced, it's reasonable to expect such a change could occur sometime in 2024 or 2025. This would align with the general industry trend towards stronger email authentication and a more secure email ecosystem.
For email senders, the takeaway is clear: don't wait for gmail.com to update its policy. Instead, prioritize securing your own sending domains. This includes ensuring proper SPF, DKIM, and DMARC records are in place, and that your email streams are correctly authenticated and aligned. Regularly monitoring your DMARC reports from Google and Yahoo is essential for maintaining strong deliverability.
Moving your own domain's DMARC policy from `p=none` to `p=quarantine` and eventually to `p=reject` is a proactive step towards robust email security and improved deliverability. This process should be incremental and data-driven. Don't rush it. Take your time to fix any authentication failures before moving to a stricter policy. You can learn more about switching DMARC configuration incrementally.
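One way to read an aggregate report before tightening a policy, as an added example that is not part of the original article or Suped's product. The report is constructed, uses a placeholder domain and addresses, and is trimmed to the RFC 7489 fields the code reads.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report (RFC 7489 schema, trimmed to the fields used here).
# The domain and IP addresses are documentation placeholders.
SAMPLE_REPORT = """
<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>950</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>10</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>
"""


def summarize(report_xml: str) -> dict:
    """Count messages per source that fail DMARC or pass on one mechanism only."""
    # Reports come from third parties: in production, parse them with a
    # hardened XML parser (for example defusedxml) rather than plain ElementTree.
    root = ET.fromstring(report_xml)
    total, failing, one_mechanism = 0, Counter(), Counter()
    for row in root.iter("row"):
        count = int(row.findtext("count"))
        ip = row.findtext("source_ip")
        dkim = row.findtext("policy_evaluated/dkim")  # aligned DKIM result
        spf = row.findtext("policy_evaluated/spf")    # aligned SPF result
        total += count
        if dkim != "pass" and spf != "pass":
            failing[ip] += count        # would be affected by p=quarantine
        elif dkim != spf:
            one_mechanism[ip] += count  # passes today, but on one mechanism only
    return {"total": total, "failing": dict(failing),
            "one_mechanism": dict(one_mechanism),
            "fail_rate": sum(failing.values()) / total if total else 0.0}


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Sources in `failing` are the ones to identify and fix, or confirm as spoofing, before moving past `p=none`; sources in `one_mechanism` pass today but have no second mechanism to fall back on.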

Views from the trenches

Best practices

  1. Actively monitor DMARC reports to identify all legitimate email sources and their authentication status before changing policies.
  2. Gradually escalate your DMARC policy from `p=none` to `p=quarantine` and then to `p=reject` in phases.
  3. Ensure all third-party sending services are properly configured for SPF and DKIM alignment.

Common pitfalls

  1. Confusing Google's sender requirements for bulk mail with Gmail.com's own DMARC policy for its root domain.
  2. Moving to `p=quarantine` or `p=reject` too quickly without thoroughly analyzing DMARC reports, leading to legitimate emails being blocked.
  3. Ignoring DMARC reports, thus missing issues with legitimate email streams failing authentication.

Expert tips

  1. Leverage Google Postmaster Tools to track your domain's reputation and compliance with Gmail's guidelines.
  2. Regularly review your email authentication setup as part of your overall email deliverability strategy.
  3. Understand that DMARC protects your brand from spoofing and phishing, regardless of Gmail's specific `p` policy.

Marketer view
Marketer from Email Geeks says they haven't seen any immediate impacts from the February 1st changes, but remains prepared for potential issues.
2024-02-01 - Email Geeks
Expert view
Expert from Email Geeks says that Google rarely provides early notification for changes to their own DMARC policy, so deliverability professionals should remain vigilant.
2024-02-01 - Email Geeks

The path forward for email senders

While there's no fixed date for Gmail to update its DMARC policy for gmail.com to `p=quarantine`, the trend in email security points towards increasingly strict authentication requirements. Google's February 2024 changes were a clear signal that unauthenticated email will face significant challenges, including being blocklisted (or blacklisted) or sent to spam.
The focus for senders should be on proactive compliance and robust email authentication for their own domains. This includes implementing DMARC with a policy that progresses to `p=quarantine` or `p=reject` over time, ensuring all sending sources are properly configured, and continuously monitoring deliverability. By doing so, you'll be well-prepared for any future policy changes from major mailbox providers.
