Resolving ‘DMARC Policy Not Enabled’ Error

DMARC Report
DMARC Report
Resolving ‘DMARC Policy Not Enabled’ Error

Reverse DNS lookup is the process where the receiving email server verifies whether the sending IP address corresponds to the domain from which the email claims to originate. But when no DMARC record is registered for your domain, the ‘DMARC policy not enabled’ error occurs

Sometimes, this error can prompt even if a DMARC record exists for your domain; this may happen due to an erroneous record (which you’ll have to fix) or temporary network issues (which get resolved on their own). 

This blog entails 2 steps you need to implement for a non-erroneous DMARC record, preventing the instances of the ‘DMARC policy not enabled’ prompt. 

STEP 1: Choose the Suitable Policy

DMARC allows domain owners to choose how a receiving email server should treat illegitimate and unauthorized emails sent from your domain. By implementing one of the policies, domain owners can enhance email security and reduce the likelihood of fraudulent emails reaching recipients. The choice of policy depends on the domain owner’s risk tolerance and the desired level of protection

This is done by filling in the ‘p’ parameter with one of the following policies;

The Reject Policy

The ‘reject’ policy is the most stringent. With the ‘reject’ policy, the domain owner explicitly instructs receiving mail servers to reject or discard emails that fail DMARC authentication checks. This policy is designed to minimize the impact of phishing and spoofing attacks by preventing unauthorized emails from reaching the recipient’s inbox.

The Quarantine Policy

With the ‘quarantine’ policy, the domain owner instructs receiving mail servers to treat emails that fail authentication with caution. Instead of outrightly rejecting the emails, the servers may move them to a spam or quarantine folder, providing a level of protection while allowing for some flexibility. It’s a middle ground between monitoring and full rejection.

The None Policy

This is the default policy when DMARC is first implemented. With a “none” policy, the domain owner is primarily interested in monitoring and gathering information about emails that fail authentication without taking immediate action.

It allows the domain owner to receive DMARC reports and analyze the email authentication results.

Which is the Best or Ideal DMARC Policy?

The best or ideal DMARC policy depends on the specific needs and preferences of the domain owner. Each policy serves a different purpose, and the choice depends on how much risk the domain owner is willing to tolerate and how strict they want to be in handling unauthenticated emails.

DMARCReport Infographic

For example, a company that is highly concerned about email security might opt for the ‘reject’ policy. They want to ensure that only authenticated emails from their domain reach recipients’ inboxes to minimize the risk of phishing attacks. However, a less risk-averse organization might choose the ‘quarantine’ policy to strike a balance between security and potential false positives.

It’s crucial to carefully evaluate the impact of each policy and gradually move from ‘none’ to ‘quarantine’ and eventually to ‘reject’ as the domain owner gains confidence in their DMARC implementation and understands the email traffic better.

STEP 2: Publish or Republish the DMARC Record

Once you have decided and implemented the suitable DMARC policy, you have to publish it in your domain’s DNS to get rid of the ‘DMARC policy not enabled’ error. 

Ensure accuracy and save the changes in the DNS settings. It can take 24-48 hours for your DNS to process these changes, and you’re done!

Verify the record using online DMARC checkers to confirm its correct publication and syntactic validity. 

Image sourced from

Getting Rid of the ‘DMARC Quarantine/Reject Policy Not Enabled’

As mentioned above, the ‘none’ policy is only meant for monitoring and does not offer any protection against email-based cyberattacks. So, emails sent from a domain with the ‘none’ policy are likely to get a warning of “DMARC policy not enabled” or“ No DMARC protection.”

You can fix this issue by simply choosing either the ‘quarantine’ or ‘none’ policy. 

Begin DMARC Monitoring

Your job doesn’t end with creating and updating a DMARC record for your domain; you should also start receiving aggregate and forensic reports to get insights into your email activities. Dmarcreport’s expertise lies in fortifying organizations against email fraud and bolstering cybersecurity measures worldwide. So, visit us today and book a demo.

Similar Posts