DMARC Policy Warm-Up

Follow

DMARC warmup hero.png

According to the DMARC checker app, DMARC adoption among the top 1 million websites is low at 33.4%, with 57.2% using a "none" policy (p=none), meaning failed emails are delivered as usual. As a result, 85.7% lack effective DMARC protection. Google and Yahoo are leading efforts to improve security, understanding that it's an ongoing improvement process.

image (32).png

So, let's walk through how Mailbox Providers (MBP) size up DMARC. They tend to approach your email with caution at first, assuming it might be fishy until proven otherwise. Proper authentication is your ticket to better deliverability. When you upgrade to an enforcement policy, you're basically telling MBPs, 'Hey, I've got this!' You're seizing the reins and taking charge of your domain.

image (34).png

Now that you've got this knowledge under your belt, it's time to take the reins with your domain. Senders should prioritize protecting their subscribers as much as they do their own Mailbox Providers (MBPs). But building a strong defense doesn't happen overnight. If you suddenly switch from no policy to rejecting with just one change, you might accidentally block all your emails with an impenetrable wall. It's smarter to transition your DMARC policy to reject gradually. This way, you stay in control while ensuring a smooth adjustment without giving your domain a case of whiplash.

GUIDE TO WARMUP

DMARC doesn’t just affect your ESP traffic; it affects EVERY email sent to that domain. Here is a VERY conservative schedule to graduate all the way to reject. This moves weekly until you reach reject. Your policy is from None to Reject in 12 week’s time*. To obtain those policy changes, you will use the pct=* tag in your DMARC record. 

Policy to Implement Policy (p=) Percent (pct=) part of DNS Record to update
None none - ... p=none; ...
Quarantine 1% quarantine 1 ... p=quarantine; pct=1; ...
Quarantine 5% quarantine 5 ... p=quarantine; pct=5; ...
Quarantine 10% quarantine 10 ... p=quarantine; pct=10; ...
Quarantine 25% quarantine 25 ... p=quarantine; pct=25; ...
Quarantine 50% quarantine 50 ... p=quarantine; pct=50; ...
Quarantine 100% quarantine - ... p=quarantine; ...
Reject 1% reject 1 ... p=reject; pct=1; ...
Reject 5% reject 5 ... p=reject; pct=5; ...
Reject 10% reject 10 ... p=reject; pct=10; ...
Reject 25% reject 25 ... p=reject; pct=25; ...
Reject 50% reject 50 ... p=reject; pct=50; ...
Reject 100% reject - ... p=reject;  ...

 

This slow rollout process is not designed for everyone. Here is an example of a faster, less conservative approach. You can get your domain to Reject within 6 weeks*. However, this works better for domains that send a lot of email. 

None

Quarantine 25%

Quarantine 50%

Quarantine 100%

Reject 25%

Reject 50%

Reject 100%

*This estimate is based on having successfully delivered within that week. 

You can spend as much time in each stage as you need. If there is no pct tag in your DMARC report, the pct default is 100%. So you can move to p=quarantine for several weeks and then to p=reject. This is a more challenging transition but it is still possible. 

 

 

Have more questions? Submit a request

Comments