phishing attempts

 How does DMARC quarantine work against phishing attempts?

ByBrad Slavin
How does DMARC quarantine work against phishing attempts?
How does DMARC quarantine work against phishing attempts?
/

We’re only five months into 2025, and so far, 3.4 billion phishing emails have been sent on a daily basis. 

Every single day, inboxes around the world are flooded with fake messages trying to trick people into clicking fraudulent links or giving up sensitive information. And yes, spam filters do their bit to prevent these phishing and spoofing emails from reaching the inboxes, but they’re not foolproof. Besides, attackers are finding new ways to outsmart them— using AI to write convincing emails, registering lookalike domains, or even hijacking legitimate ones. This means you need something more than a cursory security check, something that doesn’t just detect suspicious emails, but knows what to do with them.

And that’s where DMARC (Domain-based Message Authentication, Reporting & Conformance) fits in. DMARC is perhaps the most effective security measure that allows you (the domain owner) to decide what should be done to emails that pretend to originate from your domain but don’t pass the authentication tests.

spam filters

With DMARC, you can enforce one of three policies:

  • p=none: It instructs the receiving mail server to just monitor the unauthorized emails sent on your behalf.
  • p=quarantine: It instructs the receiving mail server to mark such emails as suspicious and place them in the spam folder.
  • p=reject: It instructs to block the message altogether.

Let us take a look at how ‘p=quarantine’ protects your domain against phishing attempts.

Why phishing still bypasses spam filters in 2025?

It’s fair to think, “Aren’t spam filters doing their job properly?” but the truth is, they only work up to a certain extent. Now that phishing attempts are getting smarter and more sophisticated, these filters alone are not enough to defend against them.

Spam filters primarily look for such things as bad links, spammy words, or blacklisted addresses that are known. But if an email appears clean and is from a domain that appears legitimate, it can easily pass through. This is where DMARC makes a big difference. Instead of judging the email by how it looks, DMARC checks where it actually came from and whether it was sent with permission

Sender Policy Framework

How does the DMARC quarantine policy work?

As you already know, DMARC works to prevent email spoofing and phishing by determining how to treat emails that fail authentication tests. Now, there are one of three ways to do this; here we will focus on quarantine policy, which is often seen as a smart middle ground.

So, when you configure DMARC at p=quarantine, you’re basically telling the recipient’s server that if a message fails SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) authentication checks, make sure to treat it as suspicious and not just deliver it to the inbox. In this case, the practical approach would be to send it to the spam folder.

By doing so, you’re not entirely blocking the email—just being careful. This is exactly what you need if you want to leave some wiggle room for the recipient’s server to make a decision.  

spam folder

Let’s say the email is actually from someone you know, but didn’t make it through the checks because of some minor technical issue. With p=quarantine, the message still gets delivered, but lands in the spam folder instead of the inbox. At the same time, you’re also not running the risk of allowing a spoofed email to directly land in someone’s inbox.

What a DMARC policy set at p=quarantine does is it routes the email to the spam folder, where it’s labeled as suspicious. This reaches the recipient’s mailbox and also makes them more cautious and less likely to open malicious links or attachments.

So with quarantine, you’re essentially coming to a safe middle ground where you don’t block legitimate emails accidentally, but you still defend your recipients against phishing.

It’s a smart move, especially if you’re still setting things up or want to test the waters before moving to the stricter reject policy.

malicious links

Final thoughts: Why quarantine is a smart first step?

If you’re just starting with DMARC, quarantine is a safe and practical way to begin.

It doesn’t block emails completely, but it still protects your domain from being misused. By sending suspicious messages to the spam folder, you reduce the risk of phishing, without accidentally stopping real emails that may have small technical issues.

Once everything is working smoothly and you’re confident, you can always move to a stricter policy, like ‘reject.’ But until then, quarantine is a solid first step that offers protection without being too aggressive.

DMARC reports

One of the best ways to understand how receiving servers are handling your emails, before switching to a stricter policy, is by reviewing your DMARC reports. These reports tell you everything you need to know about your DMARC setup and help you decide how you can fine-tune it further.

Need help reviewing DMARC reports or fine-tuning your setup? Our team at DMARCReport is here to make DMARC monitoring a breeze for you! Contact us to know more. 

Similar Posts

DMARC Adoption Amongst US Education Sector

ByBrad Slavin

DMARC works by allowing organizations to define how their email domains should be authenticated and to receive reports on how their emails are being handled by other mail servers — protecting them against unauthorized email spoofing, phishing attempts, and cybercriminals seeking to impersonate their domain.  However, despite its effectiveness, DMARC adoption in the US education…

Troubleshooting DKIM issues for Google Workspace

Troubleshooting DKIM issues for Google Workspace

ByBrad Slavin

If your legitimate emails are failing DKIM authentication, being rejected, or being marked as spam, there might be a misconfiguration in your email authentication records. To know the problem, you need to check your SPF, DKIM, and DMARC records. This guide is here to help you with checking misconfigurations in DKIM.  1. Verify if emails…

No DMARC Record Found: How to Fix Your Email Security Issues

ByBrad Slavin

In the digital age, email has become a lifeline for businesses, connecting us with clients and partners instantly. Yet, as convenient as it is, the risk of falling prey to email spoofing remains very real. You might feel secure sending those important messages, but have you ever wondered if your domain could be misused by…

No DMARC Record Found? Here’s How to Fix Your Domain’s Email Security

ByBrad Slavin

In today’s digital landscape, securing your email is more important than ever. If you’ve recently encountered the message “no DMARC record found,” it can feel like a daunting hurdle. But don’t worry—this common issue simply means your domain isn’t protected by DMARC, a key player in email security. Without it, your emails are at risk…

Fixing DMARC Enforcement For Smaller and Emerging Brands

Fixing DMARC Enforcement For Smaller and Emerging Brands

ByBrad Slavin

Sometimes, even illegitimate emails pass the DMARC check, and that’s because of the lack of enforcement controls by the domain owners. This is one of the primary cybersecurity vulnerabilities that allow cybercriminals to fool people through phishing emails.  In October 2022, phishing attacks targeted nearly 600 brand names globally. Microsoft, Google, and Yahoo emerged as…

DKIM Best Practices: Essential Guidelines for Email Authentication

DKIM Best Practices: Essential Guidelines for Email Authentication

ByBrad Slavin

DKIM Overview DKIM, or DomainKeys Identified Mail, is a powerful email authentication method that plays a pivotal role in enhancing the security of your email communications. Imagine it as a guardian standing watch over your email, ensuring that not only do the emails you receive originate from legitimate sources, but they also remain intact and…