Yes, but only in a narrow way. A DMARC record with p=quarantine and pct=0 publishes a quarantine preference while asking receivers that honor pct to apply that preference to zero percent of the affected mail. It can still generate aggregate DMARC reports through rua. It does not give practical quarantine enforcement against spoofing at receivers that follow the percentage tag.
I treat this as a staging or diagnostic state, not a real protection state. It is different from p=none because p=none expresses no handling preference. p=quarantine; pct=0 says failed mail is suspicious, then turns the requested action down to zero.
- Direct answer: It does something at the policy-signaling and reporting layer, but not meaningful enforcement.
- Receiver impact: A receiver that honors pct=0 should not apply the requested quarantine action because of that policy.
- Best use: Use it briefly while validating sources, then move to a real percentage or remove the staged policy.
- Bad use: Do not leave it in place and assume your domain has active DMARC enforcement.
The short answer
A DMARC policy has two separate jobs. First, it tells receivers how the domain owner wants failed mail handled. Second, when a reporting address exists, it causes receivers to send aggregate data about mail claiming to use the domain. A record with p=quarantine and pct=0 still helps with DMARC monitoring if the reporting address is valid, but it does not ask compliant receivers to quarantine any failed mail under that percentage setting.
What this record really says
- Policy preference: The domain owner considers failed mail suspicious enough for quarantine treatment.
- Application rate: The requested quarantine action applies to zero percent of the mail stream covered by the tag.
- Report flow: Aggregate reports can still arrive if rua is present and the receiver sends them.
- Security result: It is not a reliable anti-spoofing control until the percentage reaches a real enforcement level.
Example record with no practical enforcementdns
v=DMARC1; p=quarantine; pct=0; rua=mailto:dmarc@example.com
The important point is that pct=0 affects the requested disposition, not the existence of the DMARC record. Receivers can still evaluate DMARC. They can still include the domain in reports. They can still use their own filtering rules. The thing that drops to zero is the domain owner's requested quarantine handling for mail that fails DMARC.
How pct changes enforcement
The pct tag is a rollout control for the requested DMARC policy. If the policy is quarantine, the percentage controls how much of the relevant mail should receive quarantine treatment when the receiver honors the tag. If the policy is reject, it controls how much should receive reject treatment. If the tag is omitted, the normal assumption is full application of the requested policy.
|
|
|
|---|---|---|
p | Requested receiver policy | Still declares intent |
pct | Policy rollout rate | No requested action |
rua | Aggregate reports | Reports can continue |
ruf | Failure samples | Rarely dependable |
DMARC policy tags and their practical meaning
Useful pct settings
Use the percentage tag as a short rollout control, not as a permanent policy state.
Staging
0
Useful only while checking report data and receiver behavior.
Partial rollout
1-99
Can test impact, but it is harder to explain and validate.
Full policy
100
The clean state for real quarantine or reject enforcement.
Before changing a production record, I check the syntax with a DMARC checker and generate a clean replacement with a record generator. Tiny syntax mistakes can turn a cautious rollout into a record that receivers ignore.
DMARC checker
Look up a domain's DMARC record and catch policy issues.
?/7tests passed
The safest interpretation is simple: pct=0 is a test position. It can help you prove that the DNS record is live and that reports are arriving. It should not be the point where you stop.
Why pct=0 is not the same as none
In day-to-day delivery, p=none and p=quarantine; pct=0 often look similar because neither produces a requested quarantine action when the receiver follows the tag. They do not say the same thing, though. One says no requested action. The other says quarantine is the desired policy, but apply it to none of the covered mail right now.
p=none
- Main signal: The domain owner asks receivers to take no specific DMARC action.
- Common use: Monitoring all sources before policy enforcement begins.
- Risk: Spoofed mail is not constrained by a DMARC enforcement request.
p=quarantine with pct=0
- Main signal: The domain owner says failures are suspicious, but requests zero application.
- Common use: A short staging state before raising the policy percentage.
- Risk: Teams can mistake the record for active protection.
That difference matters when a scanner, procurement questionnaire, or brand requirement only checks whether the policy is non-none. A shallow check can pass the first part and miss the percentage. A serious review checks the full record and treats pct=0 as no active enforcement. The same caution applies when comparing this setting with p=none implications.
Infographic showing that pct=0 keeps reporting but pauses DMARC enforcement.
Receiver handling still wins
DMARC policy is a domain owner preference, not a command. Receivers handle failed mail under their own local rules. quarantine usually means the sender wants failed mail treated as suspicious. That can mean spam folder placement, extra filtering, or a warning signal inside a broader scoring system. It does not force every mailbox to use the same folder, warning, or SMTP behavior.
Do not assume spam folder placement
A receiver can treat failed DMARC mail more strictly, less strictly, or differently than your record requests. That is normal. The policy gives receivers a clear signal about your preference, but the receiver still decides final handling.
- Mailbox rules: Filtering systems combine DMARC with reputation, content, user signals, and local policy.
- Forwarded mail: Receivers can soften handling when forwarding patterns make direct rejection risky.
- Partial policy: A percentage below full enforcement adds another reason for inconsistent outcomes.
This is why I do not describe p=quarantine; pct=0 as security enforcement. It is a signal that can be useful during rollout. It is not the point where a domain owner should claim the domain is protected against unauthenticated use.
Cleaner staging sequencedns
v=DMARC1; p=none; rua=mailto:dmarc@example.com v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
For most domains, I prefer a simple rollout: monitor, fix known senders, raise to a small nonzero percentage if needed, then finish at full policy. If the domain has complex mail flows, use a written plan to transition safely instead of leaving a zero-percent quarantine record in place.
BIMI and pct=0
Do not rely on p=quarantine; pct=0 for BIMI. BIMI checks are built around enforced DMARC, not a record that only looks enforced at first glance. In practical terms, a non-none policy with a zero percentage can fail the test because the domain is not really asking receivers to act on failed mail.
BIMI needs real enforcement
If the goal is BIMI, plan for full enforcement with p=quarantine or p=reject. A record that depends on pct=0 is a poor fit for brand indicator approval.
This is one of the places where a shallow compliance check creates confusion. The record has a non-none policy, but the percentage removes enforcement. When the target is brand indicators, use the actual BIMI requirements rather than guessing from the policy tag alone.
How I use pct=0 in rollout
I use pct=0 only when there is a specific reason to stage the exact future policy before enforcement starts. That reason can be change control, a receiver behavior test, or a short validation window after DNS ownership changes. Without a clear reason, p=none is easier for everyone to understand during pure monitoring.
- Map senders: List every system that sends mail using the domain or its subdomains.
- Fix authentication: Make sure each source passes SPF or DKIM with the visible From domain.
- Watch reports: Check aggregate data for unknown sources, broken forwarding, and subdomain gaps.
- Raise policy: Move to a nonzero percentage, then to full quarantine or reject when failures are understood.
- Remove ambiguity: Once stable, omit pct or set it to full policy rather than keeping a zero value.
Hosted DMARC configuration dialog showing policy controls, CNAME setup, and expanded advanced options
Suped's Hosted DMARC workflow is useful for this because policy staging can be handled without repeated manual DNS edits. Suped also shows the sources behind DMARC failures, flags configuration issues, and gives fix steps, which matters more than the policy text by itself.
For most teams, Suped is the strongest practical choice because it brings DMARC, SPF, DKIM, hosted policy controls, alerts, blocklist monitoring, and multi-domain reporting into one place. The zero-percent question then becomes part of a workflow: see the failing source, fix the source, verify the fix, and raise the policy.
When pct=0 makes sense
There are a few legitimate reasons to publish a non-none policy with a zero percentage, but they are narrow. I would not use it as a default DMARC stage for every domain. The record should have an owner, an end date, and a planned next percentage.
- Change windows: A team has approval to publish the future policy now, but enforcement starts after a fixed date.
- Receiver tests: A team wants to observe how reports or intermediaries react before any requested action applies.
- List behavior: Some mailing list paths rewrite envelope or header details when they see a stricter policy.
- Policy proof: A team needs to prove DNS publication before moving to an active percentage.
A better operational rule
If you cannot name the next policy change and the date it will happen, do not use pct=0. Keep the record at p=none while monitoring, or move to real enforcement when the data supports it.
Recommended production recordsdns
v=DMARC1; p=none; rua=mailto:dmarc@example.com v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com v=DMARC1; p=reject; rua=mailto:dmarc@example.com
Those three records are easier to explain than a long series of partial percentages. Use the first while discovering senders, the second when failed mail should be treated as suspicious, and the third when unauthenticated use of the domain should be refused where the receiver supports that handling.
Views from the trenches
Best practices
Use pct=0 only as a short staging state, then move to pct=100 after source cleanup.
Record an owner and review date for every partial DMARC policy before it goes live.
Check aggregate reports for unknown senders before raising quarantine above zero.
Use full enforcement for BIMI planning instead of relying on a non-none policy string.
Common pitfalls
Treating pct=0 as active enforcement creates a false sense of domain protection.
Passing shallow compliance checks can hide that the policy action is set to zero.
Leaving partial policy in DNS for months makes policy ownership and review timing unclear.
Assuming quarantine always means spam placement ignores receiver local policy choices.
Expert tips
Use pct changes as temporary release gates, not as a long-term model for domains.
Compare report trends before and after policy changes instead of checking only DNS text.
Validate mailing list paths because stricter policy signals can alter handling in rollout.
When enforcement is stable, remove pct so the record has fewer moving parts for reviewers.
Marketer from Email Geeks says a quarantine policy with pct=0 usually has the same enforcement effect as monitoring, but it still declares a non-none preference.
2026-03-01 - Email Geeks
Marketer from Email Geeks says BIMI planning should assume full percentage enforcement, because a mailbox provider can refuse indicators when pct is below 100.
2026-03-01 - Email Geeks
The practical answer
A DMARC record with p=quarantine; pct=0 does something, but not the thing many people assume. It declares a quarantine preference, keeps reporting possible, and can help with controlled staging. It does not create useful quarantine enforcement when receivers honor the percentage.
If the domain is still being assessed, use p=none and focus on source cleanup. If the domain is ready for protection, move to p=quarantine or p=reject at full application. Suped helps make that decision from actual report data, verified sources, alerts, and hosted policy controls rather than guesswork around a single DNS tag.
