Policy & Reporting

Understand DMARC policies, enforcement levels, and aggregate and forensic reports.

Your DMARC policy (p=none, p=quarantine, or p=reject) tells receiving mail servers how to handle messages that fail authentication. Reporting tags (rua and ruf) tell those servers where to send aggregate and forensic reports back to you. These articles cover policy selection, gradual enforcement rollout, and how to read the XML reports you receive.

DMARC RUA: How to Send Reports to Multiple Addresses

Learn how to configure multiple DMARC RUA destinations, set up DNS authorization for external report domains, and avoid common reporting mistakes.

DMARC Policy Explained: None, Quarantine, and Reject

Understand the three DMARC policies, what each one does to failing emails, and when to use none, quarantine, or reject for your domain.

DMARC Policy Not Enabled: What It Means and How to Fix It

Getting a 'DMARC quarantine/reject policy not enabled' warning? Learn why you see this message and how to move from p=none to full enforcement.

DMARC Quarantine vs Reject: Which Policy Should You Use?

Understand the difference between DMARC quarantine and reject policies. Learn when to use each and how to safely move from monitoring to enforcement.

Understanding DMARC Reports: How to Read and Use Them

Learn what DMARC reports are, how to receive them, and how to interpret aggregate and forensic reports to improve your email authentication.

DMARC RUA and RUF Explained: Understanding DMARC Reports

Learn what DMARC RUA and RUF tags do, how aggregate and forensic reports differ, and how to set up DMARC reporting for your domain.