What are the 3 types of DMARC policies?

Updated at: Jun 24, 2020
By Gatefy

Email to illustrate a DMARC policy.

DMARC is an email authentication and validation protocol. It protects the business's reputation and brand by allowing the company to have control and visibility over who uses its domain to send emails, blocking cyber threats. There are 3 types of DMARC policies.

DMARC policies work by informing and instructing email providers how to handle messages that have authentication failures.

In other words, if an email fails DMARC authentication, the policy that was set up by the domain owner will be applied.

After that, reports about the email deliverability are sent to the domain owner, allowing him to have visibility over the process of sending messages.

Thus, the great benefit of adopting DMARC is to prevent cybercriminals from using the company's domain to deceive customers, partners, and even employees.

DMARC helps to fight phishing, spoofing, BEC (Business Email Compromise), and even malware, such as ransomware and trojan, that may be linked to email attacks.

By the way, DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

To implement DMARC, you need to create a DNS record with your company domain, set up an email to receive the reports, and choose one of the policies to tell email providers what to do in case of problems and failures of validation.

3 types of DMARC policies

Now, the questions are: what are the DMARC policies? What do they mean? Keep in mind that the chosen policy must be included in the DMARC record. 

1. None policy (p=none)

None is the simplest DMARC policy. By configuring a none policy, you allow even emails with failed authentication to be delivered. That is, your company's email traffic continues to flow normally, as it always has.

But why then define a none policy? So you can start receiving reports on your domain usage and understand how DMARC works.

This way, for example, you can find out the number of emails that were received by a particular email provider, and how many messages have failed.

2. Quarantine policy (p=quarantine)

Quarantine policy is an evolution. When defining a quarantine policy, you tell email providers that messages that have failed authentication must be sent to the spam folder, or junk folder.

The quarantine policy is recommended as a second stage in DMARC's deployment because it blocks the use of your domain for malicious purposes and still allows you to have control over false positives.

That is, legitimate emails that have been blocked due to a misconfiguration.

3. Reject policy (p=reject)

Reject policy is the last stage of DMARC, recommended only after you have had experience with none and quarantine policies.

The reject is the most stringent DMARC policy because it prevents emails with authentication failures from being received. In other words, failed messages are always blocked.

From a cybersecurity point of view, it’s the best DMARC policy, blocking cybercriminals from exploiting your business’s domain and brand. But, as stated, reject requires that the company has a higher level of maturity, so that legitimate emails aren't marked as false positives.

How to implement DMARC easily

DMARC is known to be a technology that's difficult to implement. It requires that you have knowledge about different types of email authentication protocols.

But we have a solution. Gatefy Anti-Fraud Protection is a product designed to simplify DMARC's process of email authentication and enforcement.

Our solution focuses on efficiency, reducing this complexity. It helps your business to adopt DMARC in a simple and easy way, allowing you to have control over the use of your company’s domain.

This way, your business not only improves domain and brand security, but also saves time and money.

Read more information about it at Gatefy Anti-Fraud Protection or contact us.