Home / Security / Tighten DMARC from p=none to p=quarantine
Email Deliverability · Security Ring

Tighten DMARC from p=none to p=quarantine

15 min, after a monitoring period Impact: high Effort: medium ✓ Manual completion

Moving DMARC from p=none (monitor only, no enforcement) to p=quarantine (suspicious mail gets sent to spam) is the real enforcement step that actually stops spoofed email from reaching inboxes, rather than just observing it happen.

p=none alone provides visibility but zero actual protection, tightening to quarantine is what converts DMARC from a monitoring tool into a genuine defense against domain spoofing.

How to do it

  1. 1
    Confirm you have reviewed DMARC reports first
    Only tighten enforcement after confirming every legitimate sending source is properly authenticated, this is why the DMARC reporting mission comes first.
  2. 2
    Update your DMARC record to p=quarantine
    A single value change in your existing DMARC TXT record.
  3. 3
    Monitor closely for the first few days
    Confirm no legitimate email is being incorrectly caught.
  4. 4
    Plan the eventual move to p=reject
    Quarantine is a real step forward, reject is the strongest final enforcement level once you are fully confident.

Common mistakes

How you will know it is done

DMARC policy is set to p=quarantine and legitimate email continues to deliver normally.

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →