Understanding Policy Phases
None, Quarantine, and Reject explained
Understanding DMARC Policy Phases
DMARC policies tell receiving email servers what to do with emails that fail authentication. DMARC Busta guides you through three phases:
Monitor (p=none)
Emails are delivered normally regardless of authentication results. You receive reports to see what's happening without affecting delivery.
Use when: Starting out, collecting data, identifying legitimate sources
Quarantine (p=quarantine)
Emails that fail authentication are sent to spam/junk folders. Legitimate email still gets through, but suspicious email is flagged.
Use when: 95%+ compliance achieved, sources are stable
Reject (p=reject)
Emails that fail authentication are blocked completely. Maximum protection against spoofing and phishing.
Use when: 99%+ compliance, all sources verified, stable for 30+ days
Why we don't use the pct= tag
Older DMARC guides suggest staging enforcement with the pct= tag
(applying the policy to only a percentage of email). DMARC Busta does not:
the tag is deprecated in DMARCbis, and mailbox providers have always honored
it inconsistently — some apply the full policy regardless. Instead, each
policy step is applied fully, and safety comes from the monitoring window,
pass-rate checks, and automatic rollback between steps.