There are 3 DMARC policies for handling emails that fail authentication:
- Monitor: The monitor policy, also called the none policy, is the most basic DMARC policy and is specified by “p=none”. It enables monitoring while still delivering all emails (including those that fail authentication), so regular traffic flow is maintained. The monitor policy generates data on your domain usage and helps you understand how DMARC functions by revealing the emails handled by a specific email provider and the ones that failed verification.
- Quarantine: The quarantine policy, specified by “p=quarantine”, sends unqualified emails (those that fail authentication) to the recipient’s trash or spam folder. It is advised as the second level in a DMARC implementation. The quarantine policy prevents your domain from being used for malicious purposes and helps you control misclassification: genuine emails and data that were blocked or sent to spam because of configuration errors can still be analyzed.
- Reject: The reject policy, specified by “p=reject”, prevents unqualified emails (those that fail authentication) from reaching their intended recipient. It is the most effective DMARC policy against cybercrime, but it requires a higher level of sophistication to ensure that authentic emails are not rejected. The reject policy requires third-party senders, such as CRM systems or Email Service Providers, to be properly allowlisted.
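
As an added example (not part of the original page), the Python below parses a DMARC TXT record and reports which of the three policies it requests and what that means for failing mail. The `rua` and `pct` tags come from RFC 7489 rather than this page, the function names are hypothetical, and the sample records are constructed.

```python
# Added example: audit a DMARC TXT record by its p= tag (RFC 7489 syntax).
HANDLING = {  # what a receiver is asked to do with mail that fails DMARC
    "none": "deliver (monitor only)",
    "quarantine": "deliver to spam/junk folder",
    "reject": "refuse delivery",
}

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in record.split(";"):
        if part.strip():
            name, sep, value = part.partition("=")
            if not sep:
                raise ValueError(f"malformed tag: {part.strip()!r}")
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(record):
    """Return (policy, handling, warnings); raise ValueError if unusable."""
    pairs = parse_tags(record)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("first tag must be v=DMARC1")
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in HANDLING:
        raise ValueError(f"missing or unknown p= value: {policy!r}")
    warnings = []
    if policy == "none":
        warnings.append("monitoring only: failing mail is still delivered")
    if "rua" not in tags:
        warnings.append("no rua= address: no aggregate reports to analyze")
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy covers
    if policy != "none" and pct < 100:
        warnings.append(f"policy requested for only {pct}% of failing mail")
    return policy, HANDLING[policy], warnings

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", audit_dmarc(rec))
```

The warnings mirror the staged rollout described above: a domain at “p=none” is only observing, and a quarantine or reject record with a partial `pct` is not yet fully enforcing.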