When we talk about email security, the first thing that comes to mind is DMARC. In this post, I will walk through DMARC and the policy options available, focusing on DMARC Quarantine vs Reject.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
DMARC is an email authentication protocol that helps prevent spammers from using your domains to send emails without your permission.
So, if a spammer sends emails using your domains without your permission, the receiver knows that the emails are coming from an untrusted source and decides what to do: either reject those emails or move them to spam.
If you care about email security, setting up DMARC for your domains is a must. DMARC works based on the results of two other common email authentication standards, SPF and DKIM.
Now let's get into the topic: DMARC Quarantine vs Reject.
As part of DMARC, we can define a policy that tells email receivers how to handle emails from an untrusted source that fail DMARC alignment.
Quarantine and Reject are the two ways to define this policy.
What is DMARC Quarantine?
Quarantine tells the email receiver to accept the mail even though it fails DMARC alignment. The receiver can then decide where to put the quarantined mail.
So, the mail server administrator on the receiving end can manage these quarantined emails. They can move them to spam boxes or block them.
There is a small chance that legitimate emails fail DMARC alignment. When that happens, the receiver can block the legitimate emails or mark them as spam. This also reduces the domain value.
How to set the DMARC quarantine policy?
To define DMARC Quarantine, we have to use the parameter “p=quarantine” in the DNS record.
What is DMARC Reject?
Reject tells the email receiver to reject the mail if it fails DMARC alignment. So, the email receiver has no decision to make.
Here too, some legitimate emails might be rejected. But the domain value is always safer with this policy, because emails from your domains never go to spam.
How to set the DMARC reject policy?
To define DMARC Reject, we have to use the parameter “p=reject” in the DNS record.
What is DMARC None?
None tells the email receiver to accept the mail even if it fails DMARC alignment. But the details will be logged for reporting.
How to set the DMARC none policy?
To define the DMARC None policy, we have to use the parameter “p=none” in the DNS record.
Summarizing the DMARC policies:
| Policy | What the receiver does |
|---|---|
| p=quarantine | Accept the emails and move to spam. |
| p=reject | Reject the emails before reaching the inbox. |
| p=none | Accept the emails and log the report. |
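As an added example (not part of the original post), here is a small Python check that reads the `p=` parameter from a DMARC DNS record and reports which of the three policies above it declares. It assumes the TXT record text has already been retrieved from DNS. The function names and sample records are constructed for illustration, and `v=DMARC1` and `rua` are standard DMARC tags that the post itself does not cover.

```python
# Added example; sample records are constructed, example.com is a placeholder.
ACTIONS = {  # receiver behaviour as summarized in the table above
    "quarantine": "accept the email and move it to spam",
    "reject": "reject the email before it reaches the inbox",
    "none": "accept the email and log it for reporting",
}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def check_policy(txt):
    """Return (policy, receiver_action); raise ValueError for a bad record."""
    # The version tag must come first, otherwise this is not a DMARC record.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = parse_dmarc(txt).get("p", "").lower()
    if policy not in ACTIONS:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    return policy, ACTIONS[policy]

if __name__ == "__main__":
    samples = [  # constructed records
        "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
        "v=DMARC1; p=quarantine;",
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
        "v=DMARC1; rua=mailto:dmarc-reports@example.com",  # p= forgotten
        "v=DMARC1; p=block",                                # not a DMARC policy
        "v=spf1 include:_spf.example.com ~all",             # SPF record, wrong TXT
    ]
    for rec in samples:
        try:
            policy, action = check_policy(rec)
            print(f"OK   p={policy:<10} -> {action}")
        except ValueError as err:
            print(f"BAD  {rec!r}: {err}")
```

Running it against a domain's published record before and after a policy change is a quick way to confirm the record says what you intended.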
Final Words: What should you prefer, DMARC Quarantine vs Reject?
My choice is Reject because it always rejects the spam or malicious emails from untrusted sources, and the email receiver has nothing to do. Hence email receivers are always safe and don’t get spam from your domains. This will keep your domain value high. If you are running an organization where email security is a must and you are sending emails to your end-users or customers, setting up DMARC with a reject policy is the right and best way. By the way, it will be your and your organization’s decision to choose the best policy that satisfies the need.
Although the reject policy is my opinion, both quarantine and reject ensure email security by preventing mail from untrusted sources and also spam/malicious emails.