phishing attempts

 How does DMARC quarantine work against phishing attempts?

ByBrad Slavin
How does DMARC quarantine work against phishing attempts?
How does DMARC quarantine work against phishing attempts?
/

We’re only five months into 2025, and so far, 3.4 billion phishing emails have been sent on a daily basis. 

Every single day, inboxes around the world are flooded with fake messages trying to trick people into clicking fraudulent links or giving up sensitive information. And yes, spam filters do their bit to prevent these phishing and spoofing emails from reaching the inboxes, but they’re not foolproof. Besides, attackers are finding new ways to outsmart them— using AI to write convincing emails, registering lookalike domains, or even hijacking legitimate ones. This means you need something more than a cursory security check, something that doesn’t just detect suspicious emails, but knows what to do with them.

And that’s where DMARC (Domain-based Message Authentication, Reporting & Conformance) fits in. DMARC is perhaps the most effective security measure that allows you (the domain owner) to decide what should be done to emails that pretend to originate from your domain but don’t pass the authentication tests.

spam filters

With DMARC, you can enforce one of three policies:

  • p=none: It instructs the receiving mail server to just monitor the unauthorized emails sent on your behalf.
  • p=quarantine: It instructs the receiving mail server to mark such emails as suspicious and place them in the spam folder.
  • p=reject: It instructs to block the message altogether.

Let us take a look at how ‘p=quarantine’ protects your domain against phishing attempts.

Why phishing still bypasses spam filters in 2025?

It’s fair to think, “Aren’t spam filters doing their job properly?” but the truth is, they only work up to a certain extent. Now that phishing attempts are getting smarter and more sophisticated, these filters alone are not enough to defend against them.

Spam filters primarily look for such things as bad links, spammy words, or blacklisted addresses that are known. But if an email appears clean and is from a domain that appears legitimate, it can easily pass through. This is where DMARC makes a big difference. Instead of judging the email by how it looks, DMARC checks where it actually came from and whether it was sent with permission

Sender Policy Framework

How does the DMARC quarantine policy work?

As you already know, DMARC works to prevent email spoofing and phishing by determining how to treat emails that fail authentication tests. Now, there are one of three ways to do this; here we will focus on quarantine policy, which is often seen as a smart middle ground.

So, when you configure DMARC at p=quarantine, you’re basically telling the recipient’s server that if a message fails SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) authentication checks, make sure to treat it as suspicious and not just deliver it to the inbox. In this case, the practical approach would be to send it to the spam folder.

By doing so, you’re not entirely blocking the email—just being careful. This is exactly what you need if you want to leave some wiggle room for the recipient’s server to make a decision.  

spam folder

Let’s say the email is actually from someone you know, but didn’t make it through the checks because of some minor technical issue. With p=quarantine, the message still gets delivered, but lands in the spam folder instead of the inbox. At the same time, you’re also not running the risk of allowing a spoofed email to directly land in someone’s inbox.

What a DMARC policy set at p=quarantine does is it routes the email to the spam folder, where it’s labeled as suspicious. This reaches the recipient’s mailbox and also makes them more cautious and less likely to open malicious links or attachments.

So with quarantine, you’re essentially coming to a safe middle ground where you don’t block legitimate emails accidentally, but you still defend your recipients against phishing.

It’s a smart move, especially if you’re still setting things up or want to test the waters before moving to the stricter reject policy.

malicious links

Final thoughts: Why quarantine is a smart first step?

If you’re just starting with DMARC, quarantine is a safe and practical way to begin.

It doesn’t block emails completely, but it still protects your domain from being misused. By sending suspicious messages to the spam folder, you reduce the risk of phishing, without accidentally stopping real emails that may have small technical issues.

Once everything is working smoothly and you’re confident, you can always move to a stricter policy, like ‘reject.’ But until then, quarantine is a solid first step that offers protection without being too aggressive.

DMARC reports

One of the best ways to understand how receiving servers are handling your emails, before switching to a stricter policy, is by reviewing your DMARC reports. These reports tell you everything you need to know about your DMARC setup and help you decide how you can fine-tune it further.

Need help reviewing DMARC reports or fine-tuning your setup? Our team at DMARCReport is here to make DMARC monitoring a breeze for you! Contact us to know more. 

Similar Posts

What is DMARC and Does It Protect Email Recipients From Fraud?

What is DMARC and Does It Protect Email Recipients From Fraud?

ByBrad Slavin

Discover how an innovative approach to email security protects against phishing What if there was a way to protect your brand from bad actors using your email address for fraudulent activity? It’s a well-known fact that cybercriminals impersonate trusted contacts in order to commit fraud. In fact, 70 percent of all email fraud is sent…

The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol

The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol

ByBrad Slavin

Navigating through the complexities of email security and the limitations of SPF, the urgency to develop a protocol that doesn’t break on email forwarding was needed. This led to the genesis of DomainKeys Identified Mail or DKIM. Its roots date back to the early 2000s when email-based cybercrimes were escalating. This led to the initiation…

Alternatives to Fraudmarc’s Cost-Effective DMARC Reporting

Alternatives to Fraudmarc’s Cost-Effective DMARC Reporting

ByBrad Slavin

DMARC reporting is the practice of adding rua and ruf tags to your DMARC record to start receiving aggregate and forensic reports. These reports are then evaluated to understand your domain’s email activities and determine if a malicious entity is attempting to send fraudulent messages in your name.  Fraudmarc offers email security services, including DMARC…

DMARC in a Multi-Domain Environment: Best Practices for Complex Setups

DMARC in a Multi-Domain Environment: Best Practices for Complex Setups

ByBrad Slavin

Listen to this blog post below While handling single domains with DMARC is easy, DMARC in a multi-domain environment is also possible, though it may seem challenging. Email is a standard cyberattack tool used by malicious actors, and attacks through email have significantly intensified as more business organizations migrate to the cloud environment. Hence, cybersecurity…