Suped

What are the best practices for setting DMARC policy, particularly p=reject?

Summary

Setting a DMARC policy, especially to p=reject, is a critical step in enhancing email security and deliverability. While p=none is useful for initial monitoring, the ultimate goal for strong domain protection is to reach p=reject. This policy instructs receiving mail servers to outright reject emails that fail DMARC authentication, preventing fraudulent emails from reaching inboxes. However, implementing p=reject requires careful planning and a thorough understanding of all legitimate email streams originating from your domain. A phased approach is generally recommended to avoid inadvertently blocking valid emails.


What email marketers say

Email marketers often approach setting DMARC p=reject with a mix of confidence and caution. While many recognize p=reject as the ideal state for security and brand protection (especially for BIMI compliance), they are keenly aware of the risks. The primary concern is inadvertently blocking legitimate email, particularly from unknown or unauthenticated mail streams. Marketers emphasize the importance of thorough preparation, continuous monitoring of DMARC reports, and understanding the full scope of a domain's email sending infrastructure before making the leap to p=reject.

Marketer view

An Email Geeks marketer states that setting DMARC to p=reject is acceptable if you are highly confident in the authenticity of your outgoing mail. This policy acts as a strong enforcement mechanism against unauthorized email.

27 Aug 2019 - Email Geeks

Marketer view

A marketer from Email Geeks explains that p=none is for gaining understanding of your mail streams, p=quarantine is for accepting mail but moving it to spam, and p=reject is for outright blocking unauthenticated emails.

27 Aug 2019 - Email Geeks

What the experts say

Email deliverability experts universally agree on the strategic importance of adopting a p=reject DMARC policy for robust email security and brand protection. Their insights underscore the necessity of a methodical approach, emphasizing that the transition from monitoring to enforcement should be data-driven. Experts frequently highlight the hidden complexities of email infrastructure, such as unknown sending services and the nuances of mail forwarding, which can lead to legitimate emails being blocked if not meticulously accounted for. They strongly recommend using DMARC reports to uncover these potential pitfalls before fully enforcing a p=reject policy.

Expert view

An expert from Email Geeks suggests monitoring DMARC reports, either manually or with a tool, to discover unexpected mail streams and potential third-party spoofing of your domain. This proactive approach helps prevent legitimate emails from being rejected.

27 Aug 2019 - Email Geeks

Expert view

An expert from Spam Resource advises that without proper DMARC authentication, various legitimate mail streams from your organization, such as those from Google Apps, recruiting, or help desk software, might be rejected when a p=reject policy is implemented.

22 May 2024 - Spam Resource

What the documentation says

Official documentation and authoritative sources consistently advocate for a p=reject DMARC policy as the ultimate security posture. They outline the distinct actions associated with p=none, p=quarantine, and p=reject, emphasizing p=reject's role in completely blocking unauthenticated mail. The recommended best practice is to adopt a phased approach, leveraging the pct tag to gradually increase enforcement. This systematic transition minimizes disruption while maximizing protection against spoofing and phishing.
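The added example below (not taken from the cited documentation) shows what the pct tag does during a phased rollout: under RFC 7489, failing messages not selected by pct receive the next-lower policy rather than no policy. The rollout records, the 25% steps and the dmarc@example.com reporting address are constructed for illustration, and the counts are expected values, since receivers sample messages at random.

```python
NEXT_LOWER = {"reject": "quarantine", "quarantine": "none"}

# Constructed rollout schedule; percentages and addresses are illustrative only.
ROLLOUT = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
]

def parse_dmarc(record):
    """Return (policy, pct) from a DMARC TXT record, validating both tags."""
    tags = dict(
        (key.strip().lower(), value.strip())
        for key, value in (part.split("=", 1) for part in record.split(";") if "=" in part)
    )
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    return policy, pct

def expected_handling(record, failing):
    """Expected disposition counts for `failing` DMARC-failing messages."""
    policy, pct = parse_dmarc(record)
    if policy == "none":
        return {"none": failing}
    enforced = failing * pct // 100
    # Messages outside the pct sample fall back one level, not to "none".
    result = {policy: enforced, NEXT_LOWER[policy]: failing - enforced}
    return {disposition: n for disposition, n in result.items() if n}

if __name__ == "__main__":
    for record in ROLLOUT:
        print(record, "->", expected_handling(record, 1000))
```

The third stage is the one to watch: with p=reject; pct=25, the remaining 75% of failing mail is still quarantined, so a legitimate stream that fails DMARC is already affected in full at that point.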

Technical article

Mailgun documentation states that p=reject is considered the ultimate goal of DMARC implementation. While p=quarantine is a good starting point, preventing spoofed emails from consistently landing in spam folders requires the stricter reject policy.

22 Jun 2024 - Mailgun

Technical article

The 101domain Blog recommends adopting a phased approach to DMARC, particularly when implementing p=reject or p=quarantine. This signifies a strategic move towards stronger email authentication.

20 May 2025 - The 101domain Blog
