The Skysnag Blog

DMARC Quarantine Vs Reject: What’s the difference?

October 11, 2023

What is the difference between the DMARC policies quarantine and reject, and what will happen when I publish these policies? This article aims to answer these questions. It's crucial to understand what happens when a DMARC quarantine or reject policy is published, so we've gathered some information to help explain the differences between them.

Implementing a p=quarantine DMARC Policy

Quarantine tells participating email receivers that you want them to be extra cautious when handling emails that fail the DMARC authentication check. The receiver will still accept the email, but it chooses how to carry out the quarantine policy. The following are examples of potential implementations:

Quarantine:

If the email receiver has a quarantine mailbox, the message will be delivered there. The mailbox administrator then decides whether the email is delivered or deleted.

Deliver to spam:

If the receiver hosts the recipient's mailbox, it may have the option to deliver non-compliant emails to the recipient's spam folder. The recipient can then decide whether to move the message to the inbox.

Aggressive anti-spam filtering:

The majority of receivers treat quarantined messages as similar to spam and may add points to the message's spam score. With this extra weight, the message could be blocked by the receiver because its spam score is too high.

It is crucial to understand that non-compliant email is still delivered even when a quarantine policy is published. The email may or may not reach its intended recipient, because non-DMARC technology may be used to stop spam, but the sending email servers will still see it delivered.

Therefore, the effect of a quarantine policy on valid email that is not compliant will not be immediately apparent to the sources of such email. The performance of the sender's email communications will decline for as long as it sends valid but non-compliant messages.

Implementing a p=reject DMARC Policy

By setting a DMARC policy to p=reject, you ensure that all malicious email is blocked. Additionally, because the malicious email won't be routed to a spam or quarantine folder, the intended recipient won't even be aware that it exists. The following are examples of potential p=reject implementations:

  • At SMTP time, decline to accept email that is not compliant. Delivery to DMARC-verifying receivers is disallowed, making this the preferred and most extensively used approach. Senders will be alerted right away as to why their non-compliant email was rejected.
  • Accept emails via SMTP at first, but stop them from being delivered in the end if the DMARC check fails. This method is less ideal because, even though the receiver has assumed responsibility for delivery by accepting the message over SMTP, the email is ultimately not delivered.

Because the email is blocked entirely, it is never delivered, and consumers cannot be duped into clicking on a bad link or opening a risky attachment by default.

Limiting the Impact of Policy

DMARC is designed to give domain owners visibility into their domains' performance through feedback reports. Before implementing either a DMARC quarantine or reject policy, domain owners are expected to use this visibility to bring their legitimate sources of email into compliance with DMARC.
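The receiver-side decision described in the two policy sections above, as an added example (not Skysnag's code): it parses a published DMARC record and returns the policy a receiver would apply to one message. The function names, the sample records for example.com and the roll parameter are assumptions made for illustration; the sp and pct tags come from RFC 7489 and go beyond what this article covers.

```python
import random

POLICIES = ("none", "quarantine", "reject")
# RFC 7489 6.6.4: a message outside the pct sample gets the next-weaker policy.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; refuse malformed records."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    ok = (tags.get("p", "").lower() in POLICIES
          and tags.get("sp", "none").lower() in POLICIES)
    if not txt.strip().startswith("v=DMARC1") or not ok:
        raise ValueError("not a usable DMARC policy record")
    return tags

def applied_policy(txt, spf_aligned, dkim_aligned, subdomain=False, roll=None):
    """Return 'pass', or the policy a receiver applies to a failing message.

    spf_aligned / dkim_aligned: that mechanism passed AND its domain aligns
    with the From: domain. roll (0-99) stands in for the receiver's sampling.
    """
    tags = parse_dmarc(txt)
    if spf_aligned or dkim_aligned:      # one aligned pass is enough
        return "pass"
    policy = tags["p"].lower()
    if subdomain:                        # sp overrides p for subdomains
        policy = tags.get("sp", policy).lower()
    pct = int(tags.get("pct", "100"))
    roll = random.randrange(100) if roll is None else roll
    return policy if roll < pct else DOWNGRADE[policy]

# Constructed sample records for a staged rollout of example.com.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"
ENFORCE = "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (MONITOR, PARTIAL, ENFORCE):
        # A spoofed message and an unaligned legitimate sender both fail DMARC,
        # so they receive the same treatment under each record.
        print(rec.split(";")[1].strip(), "->", applied_policy(rec, False, False, roll=0))
```

A legitimate sender that is not yet aligned gets the same result as a spoofed message, which is why the feedback reports are reviewed before moving from the first record to the last.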


Conclusion

With that being said, to implement a DMARC policy that ensures complete protection for the recipients of your emails, choose p=reject. Skysnag's automated DMARC reports aid in investigating potential security problems and identifying potential risks from impersonation attacks. Sign up using this link for a free trial and maintain a healthy domain.
