DMARC Policy Readiness
Understanding when you're ready to upgrade
DMARC Policy Readiness
The Policy Readiness card tells you whether your domain is ready to move to a stricter
DMARC policy. It performs a set of safety checks before you (or the system automatically)
upgrades from p=none → p=quarantine → p=reject.
The Three Policies
| Policy | Effect on Failing Email | When to Use |
|---|---|---|
| p=none | Delivered normally — monitoring only | Starting point. Collect data, identify sources. |
| p=quarantine | Sent to spam/junk folder | 95%+ compliance. Legitimate email still gets through. |
| p=reject | Blocked completely — not delivered | 99%+ compliance. Maximum protection against spoofing. |
Readiness Requirements
| Requirement | For Quarantine | For Reject |
|---|---|---|
| DMARC Pass Rate | 95%+ | 99%+ |
| Minimum Email Volume | 1,000+ messages in the monitoring period | |
| Stable Compliance | No significant drops in the last 30 days | |
| No Critical Failures | No high-volume sources with both SPF and DKIM failing | |
Readiness Status Indicators
All requirements met. You can upgrade now, or let the automated progression handle it.
Pass rate is close but not quite there. Approve a few more sources to push over the threshold.
Compliance is too low or there are critical unresolved failures. Fix authentication issues before upgrading.
Gradual Rollout with pct=
DMARC Busta moves your policy up in whole steps (none → quarantine → reject), with a monitoring window and pass-rate checks between each step:
p=none— monitoring only; nothing is filteredp=quarantine— failing emails go to spamp=reject— failing emails are refused outright
The monitoring window between steps is what catches unexpected delivery issues before
the next level of enforcement applies. (The legacy pct= tag for partial
rollouts is deprecated in DMARCbis and honored inconsistently by receivers, so DMARC
Busta no longer uses it.)
Don't Skip Quarantine
Going straight from p=none to p=reject is risky.
The quarantine phase gives you time to catch legitimate sources that may have been missed
during the monitoring phase, before they're completely blocked.