A DMARC Policy tells the email receivers like Microsoft (Hotmail, Live, Outlook etc), Gmail, Yahoo! and other DMARC Internet Service Providers who adopted DMARC what to do if an email fails the DMARC check.
Available DMARC policies
There are three DMARC policies you can choose of if an email fails the DMARC checks. You can choose NONE, QUARANTINE and REJECT.
Monitor policy: p=none
With NONE you do not want the email receiver to do anything with the emails send. The email just goes into the inbox / folder of the receiver and you can use this data of the DMARC reports to start analyzing who is sending emails on your behalf. After some good analysis you can go to the next level, QUARANTINE.
Quarantine policy: p=quarantine
With QUARANTINE you tell the email receivers to put these emails in special ‘quarantine’ folders like the junk / spam folder. You still analyze all the data and check who is sending email on behalf of your domain and if they are allowed to.
Reject policy: p=reject
With REJECT you ask the email receivers to reject all emails who fail the DMARC check. All these email will bounce and will not end up in any folder of the receiver. With this policy all your email is secure but be aware that everything should be in place otherwise you will also block emails that are send from your domain but you do not add them to the whitelist. For example; if you use third party senders like CRM systems or Email Service Providers and you did not give them permission to send on your behalf, all their emails will bounce.
You can use DMARC Analyzer to start Analyzing your DMARC data and check who is sending email on behalf of your domain. Click here to sign up for a free DMARC Analyzer account.