Will Yahoo and Google require DMARC p=quarantine or p=reject in 2025?

Key findings

• Current status: As of February 2024, Google and Yahoo's requirements for bulk senders primarily focused on having a DMARC record with at least a p=none policy. This initial step aimed to encourage broader DMARC adoption.
• No official Google/Yahoo announcement: There is no formal public statement from Google or Yahoo explicitly mandating a switch to p=quarantine or p=reject for 2025 at this time.
• Microsoft's lead: Microsoft's announcement to enforce p=quarantine or p=reject from May 2025 sets a precedent and indicates the direction of industry expectations.
• Industry sentiment: There is a strong, albeit informal, understanding that major mailbox providers prefer and anticipate a move towards stricter DMARC policies to enhance email security.
• Benefits of stronger policies: Adopting p=quarantine or p=reject offers improved protection against spoofing and phishing, positively impacting sender reputation and email deliverability.

Key considerations

• Proactive approach: Regardless of official mandates, senders should consider proactively moving to a stronger DMARC policy. This aligns with best practices and can improve trust with mailbox providers.
• Safe transition: Implementing p=quarantine or p=reject requires careful planning and monitoring of DMARC reports to avoid legitimate email disruption. Learn how to safely transition your DMARC policy.
• Industry alignment: The long-term trend in email authentication is towards stronger enforcement, making a move to p=quarantine or p=reject inevitable for optimal deliverability and brand protection. Information from Email on Acid supports this view.

Key opinions

• Logical progression: Many marketers view the potential shift to stricter DMARC policies as a natural and expected evolution, reinforcing email security standards.
• Strong supposition: Even without explicit written requirements, the widespread discussions and subtle cues from providers make the idea of stronger policies a strong logical supposition.
• Readiness concerns: Some marketers express concern that a 2025 mandate for p=quarantine or p=reject might be too rushed, given the current adoption rates of DMARC even at p=none.
• Trust and deliverability: There's a general understanding that moving to stricter DMARC policies ultimately benefits senders by improving trust and ensuring better email deliverability, preventing emails from landing on blacklists or blocklists due to spoofing.

Key considerations

• Proactive adoption: Marketers are advised to be proactive and plan for a transition to p=quarantine or p=reject to stay ahead of potential future requirements and improve their email programs.
• Gradual implementation: It's important to move through the DMARC policy levels incrementally (e.g., from p=none to p=quarantine, then p=reject) while diligently monitoring DMARC reports. This is a key part of best practices for DMARC policies.
• Aligning with evolving standards: Marketers need to stay informed about the shifting landscape of email authentication. Even if not mandated, a stronger DMARC policy will be increasingly seen as a baseline for legitimate senders, as noted by Mailgun's research on email authentication.

Key opinions

• Desired state: Representatives of major email providers have clearly indicated a desire for senders to adopt stricter DMARC policies like p=quarantine or p=reject.
• Implicit enforcement: Even if not a formal requirement, stronger DMARC policies are becoming implicitly necessary to achieve optimal inbox placement and avoid being filtered or blocked.
• Benefits for deliverability: Stricter DMARC policies help establish domain trustworthiness, which is crucial for overall email deliverability in 2025.
• Evolution of standards: The transition from p=none to p=quarantine or p=reject is a natural progression in strengthening email authentication protocols against phishing and spam.

Key considerations

• Anticipate changes: Email senders should treat the informal cues and Microsoft's announcement as strong indicators of future requirements from other providers, including Google and Yahoo.
• Strategic implementation: A strategic plan to gradually increase DMARC policy enforcement, rather than waiting for an explicit mandate, is recommended. This helps prevent deliverability issues down the line.
• Compliance as a solution: Strengthening DMARC (and ensuring proper SPF and DKIM alignment) can resolve deliverability problems. Cybersecurity Insiders highlights Microsoft's new requirements as a step in this direction.

Key findings

• Initial requirements: Google and Yahoo, from February 2024, require bulk senders to have a DMARC policy in their DNS, with a minimum of p=none.
• Microsoft's 2025 mandate: Effective May 5, 2025, Microsoft will enforce DMARC requirements for certain senders, specifically requiring p=quarantine or p=reject.
• Benefits of strict policies: Documentation highlights that stronger DMARC policies are crucial for protecting domains from spoofing and phishing, thus improving email deliverability and sender reputation.
• Recommended progression: Many authoritative sources advise a phased approach to DMARC, moving from p=none to p=quarantine and ultimately to p=reject for maximum protection.

Key considerations

• Compliance framework: Senders must understand that the landscape of email authentication is dynamic. Meeting current requirements is essential, but anticipating future, stricter demands is prudent.
• Strategic planning: Companies should plan to implement p=quarantine or p=reject to align with the highest standards, even if Google and Yahoo haven't formally announced it for 2025. This proactive approach improves sender reputation and delivery.
• Monitoring and adaptation: Continuous monitoring of DMARC reports is vital to assess the impact of policy changes and adapt as necessary. Enom's support documentation provides insight into the overall requirements.