DMARC defines three policy levels that describe how receivers are supposed to handle email failing authentication. These levels are ‘p=none’, ‘p=quarantine’, and ‘p=reject’.
- none: Receivers are instructed to not change how they deliver email based on email authentication failures. The ‘none’ level is typically used when a domain owner is in the initial process of authenticating their email services; moving beyond this level is key to enable DMARC to stop fraud.
- quarantine: Receivers are asked to mark messages failing authentication as spam.
- reject: Receivers are requested to block messages failing authentication entirely, and not deliver them to their intended recipients.
In all cases the policy is enforced by the system receiving the email, and the receiving system may choose to handle email delivery differently that prescribed by the DMARC policy. For example, Microsoft Office 365 treats ‘quarantine’ and ‘reject’ identically.