4 situations in which you should use the DMARC’s p=none policy

Compliance is driving a lot of the DMARC adoption we see, says Vasile Diaconu, Operations Lead at DuoCircle. PCI DSS v4.0, Google’s sender requirements, Microsoft’s May 2025 enforcement - our support team fields questions about these mandates daily. The organizations that moved early are already at p=reject. The rest are scrambling.

DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least p=none is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC Report

4 situations in which you should use the DMARC’s p=none policy

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-18006">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/11/4-situations-in-which-you-should-use-the-Deemarks-pnone-policy-1.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M5S">2:05</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-18006" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-18006" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-18006" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-18006" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/4-situations-in-which-you-should-use-the-dmarcs-pnone-policy/&t=4 situations in which you should use the DMARC’s p=none policy" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/4-situations-in-which-you-should-use-the-dmarcs-pnone-policy/&url=4 situations in which you should use the DMARC’s p=none policy" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/11/4-situations-in-which-you-should-use-the-Deemarks-pnone-policy-1.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/4-situations-in-which-you-should-use-the-dmarcs-pnone-policy/" class="input-link input-link-18006" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-18006" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="u2EdYVVD7C"><a href="https://dmarcreport.com/blog/podcast/4-situations-in-which-you-should-use-the-dmarcs-pnone-policy/">4 situations in which you should use the DMARC’s p=none policy</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/4-situations-in-which-you-should-use-the-dmarcs-pnone-policy/embed/#?secret=u2EdYVVD7C" width="500" height="350" title=""4 situations in which you should use the DMARC’s p=none policy" - DMARC Report" data-secret="u2EdYVVD7C" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-18006” readonly/>

					<button class="copy-embed copy-embed-18006" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

DMARC has three policies - none, quarantine, and reject. The ‘quarantine’ and ‘reject’ policies are strict and are used the most. However, there are cases where the ‘none’ policy is ideal. The ‘none’ policy is enforced using the p=none tag in a DMARC record. It instructs the receiving servers to take no action against unauthorized emails sent from your domain.

It’s obvious for you to think of the ‘none’ policy as the useless or inefficient one, but here are four ideal use cases for it.

1. For a domain that has just begun with DMARC

If you have just implemented DMARC for your domain, it’s not ideal to enforce the ‘quarantine’ or ‘reject’ policy as you are yet to know if your emails are being subjected to false negatives and false positives. So, first, start monitoring the relationship of your domain with different receiving mailboxes.

Another reason why experts ask to start with the p=none policy is because it helps you enlist all the legitimate sources sending emails from your domain. So, before you move to the stricter policies, you should have this list ready. Otherwise, you might miss out on enlisting a genuine sender in the list, subjecting their emails to delivery failures.

2. For gradually progressing DMARC policies

It’s good to move gradually from the p=none policy to stricter ones like p=quarantine or p=reject to avoid disrupting email flow. Being hasty about this can cause problems, especially if SPF and DKIM aren’t correctly aligned. A slow, phased approach gives you enough time to **identify and fix the issues without hampering the deliverability of genuine messages sent from your domain.

Once you are sure that everything is configured correctly and that there are minimum, tolerable instances of false positives or negatives, you can safely adopt stricter policies.

3. To maintain or improve the deliverability rate for domains used for transactional emails

If you have a **domain or subdomain dedicated to sending transactional emails or receipts, using the ‘none’ policy is advised . If this process involves third-party vendors like CRM systems or marketing platforms, stick to the p=none policy for a long time. Progress to ‘quarantine’ or ‘reject’ only when you are fully confident.

We emphasize this approach because the ‘none’ policy lets you spot **third-party senders and **check their authentication settings without affecting the delivery of important emails. You also get to know if any external senders need updates to their authentication.

4. For businesses with multiple units, channels, and teams

Large companies have several teams and departments, complicating and decentralizing the email flow. If that’s the case with you, enforce **p=none to monitor emails across departments. This is even more useful when you have to apply a single authentication method across all the existing and upcoming systems.

We suggest you pay attention to monitoring DMARC reports to detect non-compliant sources. If managing and monitoring XML reports is challenging for you, reach out to us. We can take care of it and help you adjust DMARC policies and other configurations as and when required. This will ensure optimum **protection from phishing and spoofing attacks attempted in your name.