DMARC Quarantine vs Reject – When to Use Each

Quarantine asks receivers to treat failing messages as suspicious (e.g. spam folder); reject asks them not to deliver. Here's when to use each and how to ramp up without breaking legitimate mail.

How receivers treat each

With p=quarantine, receivers typically deliver failing messages to spam or a similar folder rather than the inbox. With p=reject, they typically refuse to deliver the message. Implementation varies; major providers generally follow the spec. Quarantine is softer and easier to roll back if something goes wrong.

Ramping up safely

Start with p=none and rua= to collect reports. Fix any misconfigurations so legitimate traffic passes. Then set p=quarantine and monitor reports and support. When failure rates are negligible and you're confident, consider p=reject. You can use pct= to apply the policy to a percentage of failures first.

Common mistakes

  • Switching to reject before checking DMARC reports and fixing alignment issues.
  • Ignoring subdomains; if you send from subdomains, ensure they're aligned or covered by sp=.
  • Assuming quarantine and reject look identical to users; quarantine may still deliver to spam, which can confuse senders who don't check reports.

Check my DMARC enforcement

Check your current DMARC policy and alignment. No signup required.

Check my DMARC enforcementView pricing

FAQ

What's the practical difference between quarantine and reject?

Quarantine usually means the message is delivered to spam or a holding folder; reject usually means the message is not delivered at all. Exact behavior depends on the receiver.

Which should I use first?

Use quarantine before reject. It lets you see impact (e.g. in DMARC reports and support tickets) without losing mail entirely. Move to reject when you're confident no legitimate mail fails.

Do Gmail and Yahoo require reject?

They expect senders to move beyond p=none; quarantine or reject is recommended for bulk. They don't mandate reject, but reject is the strongest signal and can improve trust.

Can I use pct= to test?

Yes. pct=25 with p=quarantine applies quarantine to 25% of failing messages. You can ramp pct up to 100, then switch to p=reject with a low pct if you want to test reject gradually.

Related reading

Read-only checks. We don't send email or modify DNS. How we check