How does the pct tag in DMARC work when p and sp are set to none?
Matthew Whittaker
Co-founder & CTO, Suped
Published 30 Jun 2025
Updated 17 Aug 2025
9 min read
When delving into DMARC, understanding the nuances of each tag is crucial for effective email security and deliverability. One common point of confusion arises with the pct tag, especially when both the p (policy for organizational domain) and sp (policy for subdomains) tags are set to none. It seems counterintuitive to specify a percentage of emails for policy application when the policy itself is set to take no action. Let's clarify how this works, or rather, doesn't work, and why it's essential to understand the intended function of each DMARC tag.
DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol designed to protect domains from email spoofing and phishing attacks. It builds upon two existing authentication methods: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). A DMARC record, published in your domain's DNS, instructs receiving mail servers on how to handle emails that claim to be from your domain but fail SPF or DKIM authentication.
The core of a DMARC record is its policy tag, p. This tag dictates the action to be taken by the receiving server if an email fails DMARC authentication. The three primary policy options are none, quarantine, and reject. Similarly, the sp tag applies the same logic specifically to subdomains of your primary domain. You can learn more about these policies and their uses in our article on DMARC policies.
When p is set to none (and sp is also none), your DMARC record is effectively in monitoring mode. This means that if an email fails DMARC checks, no specific action (like quarantining or rejecting) will be taken by the receiving server based on your DMARC policy. The email will still be delivered according to the receiver's own internal policies, which might include sending it to spam or even the inbox. The primary benefit of p=none is to receive aggregate DMARC reports (rua tag), which provide valuable insights into your email sending ecosystem without impacting deliverability. For more on this, check out our guide on the utility of p=none.
Understanding the pct tag
The pct tag, or percentage tag, is an optional DMARC tag that allows domain owners to specify the percentage of emails that should be subjected to the DMARC policy. This tag is typically used during a gradual rollout of a DMARC policy from none to quarantine or reject. For instance, setting pct=10 with p=quarantine would mean only 10% of emails failing DMARC would be quarantined, while the remaining 90% would be delivered, often to the inbox, but still reported. This allows you to test the impact of stronger policies on a small subset of your mail flow before full enforcement. You can review a detailed guide on the DMARC pct tag to further understand its role.
The RFC 7489, which defines DMARC, describes pct as the percentage of messages from the Domain Owner's mail stream to which the DMARC policy is to be applied. However, this wording has led to some debate among experts regarding whether it applies to a percentage of all emails or only a percentage of those that fail DMARC authentication. The consensus in practice is that pct typically affects only messages that fail DMARC authentication.
When transitioning your DMARC policy from a monitoring state to an enforcement state, pct becomes a critical tool. It allows you to incrementally apply stricter policies, minimizing the risk of legitimate emails being quarantined or rejected due to misconfigurations. This is a best practice recommended by organizations like Google and is essential for a smooth DMARC deployment.
Why pct is ineffective with p=none
Here's the key takeaway: If your DMARC record specifies p=none and sp=none, the pct tag will have no practical impact on how failing emails are handled. The none policy explicitly states that receiving mail servers should take no specific action based on the DMARC check results, regardless of whether a percentage is specified. There's no enforcement action for pct to apply to.
No enforcement with p=none
The pct tag is designed to regulate the enforcement level of your DMARC policy. When your policy is none, there is no enforcement to apply a percentage to. Think of it like a dimmer switch for a light bulb that's already off. Turning the dimmer (pct) won't make the light (policy enforcement) turn on.
While including pct when p=none is technically valid syntax, it's considered redundant and serves no functional purpose. Some might mistakenly include it, but receiving mail servers will simply ignore it because there's no policy action to modify. The goal of a p=none policy is to gather data and reports about your email streams, which the pct tag doesn't affect. For a comprehensive list of DMARC tags and their functions, you can refer to our guide on DMARC tags.
In the example above, the pct=20 tag is effectively ignored because the primary policy p=none overrides any enforcement percentage. The receiving server will still generate DMARC reports and send them to reports@example.com, allowing you to observe authentication failures without blocking any mail flow. This setup is common during the initial phases of DMARC implementation as you gather data to understand your email ecosystem.
The intended use of pct
The pct tag truly comes into play when you transition your DMARC policy to an enforcement mode, specifically p=quarantine or p=reject. It allows for a staged rollout of these stricter policies, minimizing the risk of accidentally blocking legitimate email traffic. This gradual approach is a recommended best practice for DMARC deployment. For more information on this process, see our article on safely transitioning DMARC policies.
Consider a scenario where you're moving to p=quarantine. You might start with pct=10. This means that only 10% of emails that fail DMARC for your domain will be sent to the spam folder, while the remaining 90% will still be delivered. This allows you to monitor your DMARC reports closely for any unexpected legitimate mail failures. If everything looks good, you can gradually increase the pct value, eventually reaching pct=100, which applies the policy to all failing emails.
The true utility of the pct tag lies in its ability to provide a safety net during policy enforcement. It mitigates the risk of false positives, where legitimate emails might fail authentication due to misconfigurations or forwarding. By starting with a low percentage and gradually increasing it, you gain confidence in your DMARC setup before fully enforcing it, protecting your domain's sending reputation and preventing legitimate emails from being incorrectly blocklisted or sent to junk.
DMARC Policy
pct=10 (Action on Failing Emails)
pct=100 (Action on Failing Emails)
p=none
No specific action taken, emails delivered normally.
No specific action taken, emails delivered normally.
p=quarantine
10% of failing emails are quarantined (e.g., sent to spam), 90% delivered.
100% of failing emails are quarantined (e.g., sent to spam).
p=reject
10% of failing emails are rejected, 90% delivered.
100% of failing emails are rejected.
Beyond enforcement: Monitoring with p=none
Even though the pct tag has no effect when p=none, the none policy itself is incredibly valuable. It's the essential first step in any DMARC implementation, allowing you to gain visibility into your email channels without risking legitimate email delivery. The aggregate reports (RUA) generated during this monitoring phase are critical for identifying all legitimate sending sources for your domain, including third-party senders, before you move to an enforcement policy. You can find more details on troubleshooting DMARC reports from Google and Yahoo.
The primary benefit of p=none is the data it provides. You receive reports detailing which emails are failing DMARC, why they are failing, and from what IP addresses they are originating. This intelligence is vital for fixing authentication issues, identifying unauthorized senders (spoofers), and ensuring that all your legitimate email senders are properly configured with SPF and DKIM. Only once you have a clear picture of your email sending landscape should you consider moving to an enforcement policy where the pct tag becomes relevant.
Views from the trenches
Best practices
Start with p=none to monitor your email traffic and gather comprehensive reports, understanding all legitimate sending sources.
Analyze DMARC aggregate reports (RUA) to identify and correct any SPF or DKIM alignment issues for your valid senders.
Once you are confident that all legitimate emails are passing DMARC, gradually increase your policy to quarantine using the pct tag.
Progressively move to a p=reject policy, again using the pct tag for a phased rollout to full enforcement.
Common pitfalls
Setting a p=quarantine or p=reject policy too early without proper monitoring, potentially causing legitimate emails to be blocked or spammed.
Neglecting to monitor DMARC reports, which can hide underlying authentication problems or ongoing spoofing attempts.
Misunderstanding the pct tag's function, leading to a false sense of security when policies are set to none.
Failing to update DMARC records when adding new sending services, resulting in DMARC failures for those emails.
Expert tips
Ensure your DMARC record includes a rua tag to receive aggregate reports, as these are indispensable for monitoring.
Remember that some receivers might still treat pct as a suggestion, so careful monitoring remains crucial even with enforcement policies.
Consider using a DMARC management platform to simplify report analysis and policy transitions.
Regularly review your DMARC data to adapt your policies as your email sending infrastructure evolves.
Expert view
Expert from Email Geeks says that the pct tag will likely have no impact when both p and sp are set to none, as there's no policy to enforce.
2024-01-24 - Email Geeks
Marketer view
Marketer from Email Geeks says that a p=none policy means DMARC validation results won't influence message disposition, rather than simply letting everything through.
2024-01-24 - Email Geeks
Final thoughts
In summary, while the pct tag is an important component of DMARC for a controlled rollout of enforcement policies, it essentially becomes redundant and non-functional when your DMARC policy is set to none for both your primary domain and its subdomains. The none policy itself already dictates no specific action, making any percentage for enforcement irrelevant. Focus on using p=none to gather critical insights from DMARC reports, and only introduce pct when you are ready to move towards quarantine or reject policies for enhanced email security against spoofing and phishing.
