How does the pct tag in DMARC work when p and sp are set to none?

While pct is crucial for gradually escalating DMARC policies like quarantine or reject, its application is intended to control the percentage of *failing* messages that are subjected to an *active* policy. When the policy itself is none, there's no action to apply to a percentage of emails. However, even with p=none, DMARC reports (RUA) will still be generated, providing valuable insight into your email traffic and authentication status, regardless of the pct value. This monitoring phase is crucial for understanding your email ecosystem before moving to stricter policies like p=reject. For a deeper dive into policy choices, see when to use DMARC p=none, p=quarantine, or p=reject policies. You can also learn how to safely transition your DMARC policy.

Key findings

• no impact: pct generally has no practical effect when the DMARC policy (p and sp) is set to none. This is because none implies no enforcement action, regardless of any percentage.
• policy definition: p=none means that the DMARC validation result should not influence the message's delivery decision by the receiving server.
• intended use of pct: pct is designed for policies like quarantine or reject, allowing a gradual rollout of stricter enforcement by applying the policy to a percentage of failing emails. For instance, a policy of p=reject; pct=60 would only reject 60% of emails that fail DMARC, as highlighted by Postale.io.
• reporting purpose: p=none is primarily used for monitoring email traffic via RUA (Aggregate Reports) without enforcing policy. The pct tag does not typically affect the generation of RUA reports.

Key considerations

• deployment strategy: DMARC deployment often starts with p=none to gather data through RUA reports before gradually moving to quarantine and then reject, using pct to control the transition.
• clarity in configuration: Including pct with p=none can lead to confusion as it suggests a partial application of a policy that, by definition, has no enforcement action. It's generally best practice to only use pct with quarantine or reject policies.
• receiver interpretation: Some mailbox providers might interpret pct as merely a suggestion, rather than a strict directive. This variability further reduces its utility when p=none is already in place.

Key opinions

• confusion about redundancy: Many marketers are puzzled by the inclusion of pct when DMARC policies are already set to none, as it seems functionally irrelevant.
• focus on reporting: For marketers, the primary value of p=none lies in its ability to generate DMARC aggregate reports (RUA), which offer visibility into email authentication results without disrupting mail flow.
• gradual enforcement tool: The pct tag is best understood as a mechanism for the measured implementation of stricter policies, like gradually moving to quarantine or reject, as explained by SiteGround.

Key considerations

• monitoring vs. enforcement: Marketers should distinguish between DMARC's monitoring capabilities (p=none) and its enforcement capabilities (p=quarantine, p=reject). The pct tag only applies to the latter.
• DMARC reports: Even with p=none, analyzing DMARC aggregate reports is essential for identifying legitimate sending sources and preparing for stricter policies. For instance, understanding SPF alignment issues in DMARC reports is critical for marketers.
• avoiding confusion: To prevent misinterpretation, marketers should consider omitting the pct tag entirely when using a p=none policy, as it introduces unnecessary complexity without functional benefit.

Key opinions

• negligible impact: The consensus among experts is that a pct tag has virtually no impact when the DMARC policy is set to none, as none specifically means no action is to be taken based on DMARC validation.
• policy interpretation: While none means no policy action, it doesn't mean everything through, but rather that DMARC's validation result should not influence the message's disposition. Other factors still apply.
• receiver discretion: Some mailbox providers treat the pct tag as a suggestion, not a strict command, adding another layer of ambiguity, especially when it's logically redundant with p=none.
• true purpose of pct: The pct tag is best utilized as a 'trust dial' for implementing quarantine or reject policies. It allows domain owners to test the impact of enforcement on a small percentage of their failing mail traffic.

Key considerations

• transition strategy: Experts recommend a phased DMARC rollout: start with p=none, then transition to quarantine at pct=1, gradually increasing pct to 100%, and then repeating the process for reject. This cautious approach minimizes disruption.
• focus on RUA reports: With p=none, the main actionable item is the analysis of RUA reports, providing insights into email sources and authentication passes/failures. Understanding DMARC reports from Google and Yahoo is key.
• potential for confusion: While harmless, including pct with p=none can lead to philosophical debates or unnecessary scrutiny, as it implies a control that isn't actually being exercised under a none policy.
• RUA tag importance: The rua tag, which designates where aggregate DMARC reports should be sent, is far more significant than pct when p=none is set. This tag ensures that domain owners receive the necessary data to understand their email ecosystem. More on DMARC policies and their tags.

Key findings

• definition of pct: The pct tag is defined as the percentage of messages from the Domain Owner's mail stream to which the DMARC policy is to be applied (RFC 7489).
• p=none functionality: A p=none policy clearly states that no specific action should be taken based on the DMARC policy for messages failing DMARC alignment, as noted by Scaleway Documentation.
• inconsequential interaction: When the policy itself dictates no action, applying a percentage (pct) to that non-action is logically and functionally moot.
• reporting remains: Even with p=none, aggregate reports (RUA) will still be generated, providing valuable data regardless of the pct setting. This is highlighted by NsLookup.io.

Key considerations

• intended use of pct: The pct tag is fundamentally intended for use with quarantine or reject policies to control the rate of enforcement, as detailed in the DMARC specification.
• subdomain policy: The sp tag functions identically to p but applies specifically to subdomains, as explained by DuoCircle. Therefore, sp=none also renders pct irrelevant for subdomains.
• avoiding unnecessary tags: While harmless, including a pct tag with p=none can be omitted for cleaner, more unambiguous DMARC records.