---
title: "The Silly Case of Unenforced DMARC | DMARC Report"
description: "If you have any kind of alarm in your home, like a smoke detector or burglar alarm, you probably don"
image: "https://dmarcreport.com/og/blog/the-silly-case-of-unenforced-dmarc.png"
canonical: "https://dmarcreport.com/blog/the-silly-case-of-unenforced-dmarc/"
---


![The Silly Case of Unenforced DMARC](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-report-4236.jpg) 


If you have any kind of alarm in your home, like a smoke detector or burglar alarm, you probably don’t think about how it works very often. As it turns out, _every alarm, to be effective, actually has to do two things: it has to sense something bad and then it has to take action_. In most cases, that action is to blast a really loud signal, loud enough to wake you up from a sound sleep.

> “Compliance is driving a lot of the DMARC adoption we see,” says Vasile Diaconu, Operations Lead at DuoCircle. “PCI DSS v4.0, Google’s sender requirements, Microsoft’s May 2025 enforcement - our support team fields questions about these mandates daily. The organizations that moved early are already at p=reject. The rest are scrambling.”

DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible `From` header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least `p=none` is now mandatory for any domain sending 5,000+ messages per day to Gmail users.

Now, imagine you had an alarm that only did one of those things. It sensed something bad and in response to that it did nothing. That wouldn’t be a very effective alarm. In fact, it would be useless, no matter how good the sensor was.

This situation sounds ridiculous. After all, nobody would install an alarm that sensed a problem and then did nothing in response. You might think that, but you’d be wrong. Companies and organizations do it every day. _The alarm they install is called DMARC, and right after they install it, they turn it off_.

[DMARC](https://en.wikipedia.org/wiki/DMARC) (Domain-based Message Authentication, Reporting, and Conformance) is an **email authentication protocol that helps businesses protect their domains from being used to send phishing emails**.

![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2021/11/how-to-create-dmarc-record-5659.jpg)

Oversimplifying, DMARC works like this. Companies sending emails set up one or both of two possible alarms, called [SPF](https://en.wikipedia.org/wiki/Sender%5FPolicy%5FFramework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys%5FIdentified%5FMail), for establishing the authenticity of the emails they send. Then, if one of these alarms “goes off,” DMARC tells the receiving mail server what to do in response. With DMARC, there are three ways to respond to an alarm:

- Monitor
- Quarantine
- Reject

Monitor is a fancy way of saying “do nothing.” Reject, on the other hand, is the alarm actually doing what it’s intended to do: stop threatening emails from getting through.
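In a published DMARC record these three responses are the `p=` tag values `none`, `quarantine` and `reject` (RFC 7489). The following is an added example, not code from the original article: it parses a record and reports whether the alarm is actually switched on, also checking the RFC's `pct=` and `sp=` tags, which can quietly weaken a `reject` policy. The sample records and the verdict labels are constructed for illustration.

```python
# Added example: classify how strongly a DMARC TXT record is enforced.
# Tag names (v, p, sp, pct) come from RFC 7489; verdict labels are this example's own.
POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strongest

def parse_dmarc(txt):
    """Split a DMARC TXT record into an ordered {tag: value} dict."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    # v=DMARC1 must be the first tag, otherwise this is not a DMARC record.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags

def enforcement(txt):
    """Return (verdict, findings); verdict is unenforced, partial or enforced."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    sub = tags.get("sp", policy).lower()   # sp defaults to p
    pct = int(tags.get("pct", "100"))      # pct defaults to 100
    if policy not in POLICIES or sub not in POLICIES or not 0 <= pct <= 100:
        raise ValueError("invalid p=, sp= or pct= value")
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is reported but still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail is flagged, not refused")
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if POLICIES.index(sub) < POLICIES.index(policy):
        findings.append(f"sp={sub}: subdomains get a weaker policy")
    if policy == "none":
        return "unenforced", findings
    return ("partial" if findings else "enforced"), findings

if __name__ == "__main__":
    # Constructed sample records (example.com is a placeholder domain).
    for record in (
        "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject; pct=25; sp=none",
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    ):
        print(record, "->", enforcement(record))
```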

You’ll never guess what percentage of these DMARC alarms are set to “reject”. According to the [Agari](https://www.agari.com/cyber-intelligence-research/e-books/q4-2019-report.pdf) _Q4 2019 Email Fraud & Identity Deceptions Trends_ report, _only 13% of Fortune 500 companies have done this_. In other words, **87% of Fortune 500 companies have turned the alarm off**. From the report, “Currently, only 13% of the Fortune 500 has a DMARC record set to the reject enforcement policy required to **protect against phishing**-based brand impersonation attacks targeting their customers, partners, and other organizations.”

Why is this important? Because “When enforcement policies are set properly, DMARC has been shown to drive phishing based impersonations to near zero.” Zero, with the alarm on.

Nobody understands fully yet why **DMARC adoption is so low**. But the consequence of it is fully understood. _If you want to protect your company from phishing emails, and you should, you had better do something about it yourself_.

The best thing you can do to protect your employees from being phished is to deploy cloud-based [phishing protection software](https://www.duocircle.com/email/phishing-protection). **Cloud-based phishing prevention software** scans emails before they hit the inbox, which means it has the opportunity to keep malicious emails out of the inbox. And _if phishing emails don’t make it into the inbox, employees can’t be fooled by them_.

![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2021/11/how-to-create-dmarc-record-5661.jpg) 

Cloud-based [phishing protection](https://www.duocircle.com/email/phishing-protection) software like that from [DuoCircle](https://www.duocircle.com/) requires no hardware, software or maintenance. It sets up in 10 minutes, comes with 24/7 live technical support and costs only pennies per month per employee.

Until companies start turning on their DMARC alarms, you’ll have to protect yourself from **phishing attacks**. Stop waiting on others to keep you safe. Try DuoCircle risk free for 30 days.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

