What Is DMARC?

Policy	What receivers do on failure	When to use
`p=none`	No enforcement. Messages deliver as usual. Reports still generated.	Initial deployment — observe before enforcing.
`p=quarantine`	Failing messages go to spam folder.	Intermediate step after confirming legitimate senders pass.
`p=reject`	Failing messages are rejected at SMTP level.	Full enforcement — maximum protection.

Source	Requirement	Applies to
Cabinet Office GOV.UK mail policy	DMARC `p=reject`	Central government domains
NCSC Email Security guidance	Minimum DMARC `p=quarantine`	Public sector and suppliers
NHS Digital DTAC	Authenticated email	NHS suppliers
Google/Yahoo bulk sender rules (2024)	DMARC record required	Bulk senders over 5,000/day
Microsoft sender requirements (2025)	Equivalent DMARC requirements	Outlook.com/Hotmail
PCI DSS 4.0	Email authentication controls	Card-accepting businesses

¶ What Is DMARC?