DMARC p=none: Why Monitoring Mode Is Not Enough and How to Upgrade
Last updated 2026-05-29 — By The InboxGreen Team
DMARC p=none means your DMARC record is in monitoring mode. Receiving servers observe authentication failures and send you reports, but they do not block or quarantine suspicious emails. This is the correct place to start, but leaving it at p=none long term means your domain provides no real spoofing protection. Once SPF and DKIM are passing consistently, upgrade to p=quarantine.
What it means
A DMARC policy tag (<code>p=</code>) tells receiving servers what action to take when an email fails DMARC evaluation. <code>p=none</code> means "take no action, just report." It is the recommended starting point because it lets you collect data about your email streams without affecting delivery. The problem is when it stays at none for months or years: you get reports but no protection.
Why it matters
With <code>p=none</code>, anyone can send spoofed email from your domain and it will be delivered as normal. This is a real threat, since phishing, BEC (business email compromise), and brand spoofing attacks rely on domains stuck at p=none. Google and Yahoo's 2024 bulk sender requirements also expect a DMARC policy beyond p=none for high-volume senders.
Upgrading from p=none to p=quarantine
v=DMARC1; p=quarantine; pct=10; rua=mailto:[email protected]Use pct=10 to start, which applies the quarantine policy to only 10% of failing emails, giving you a safe rollout. Increase pct gradually (25, 50, 100) as you confirm no legitimate emails are affected. Only move to p=reject once you are at pct=100 quarantine with no false positives.
How to fix it
Cloudflare
- Go to DNS > find your existing _dmarc TXT record.
- Edit the value and change
p=nonetop=quarantine; pct=10. - Full record:
v=DMARC1; p=quarantine; pct=10; rua=mailto:[email protected] - Save and monitor your DMARC reports for 1 to 2 weeks.
- If no legitimate email is quarantined, increase pct to 50 then 100.
Namecheap
- Go to Advanced DNS > find the TXT record at host
_dmarc. - Edit the Value and change
p=nonetop=quarantine; pct=10. - Save and monitor reports before increasing pct.
GoDaddy
- Go to DNS > Manage Zones > find the _dmarc TXT record.
- Edit the value and update p=none to p=quarantine; pct=10.
- Save and allow 1 to 2 weeks to review reports.
How to verify the fix
- Run your domain through the InboxGreen free checker after updating.
- DMARC should now show WARN (p=quarantine is an improvement, though p=reject is the target).
- Check your DMARC report inbox. You should see aggregate reports from Gmail and other providers within 24 hours.
- If reports show failing legitimate senders, investigate before increasing pct.
Check your fix right now
Run your domain through InboxGreen's free checker to confirm the issue is resolved.
Common mistakes
- Jumping directly from p=none to p=reject without a quarantine phase. This can block legitimate email.
- Setting pct=100 quarantine before reviewing reports. Always start low (10) and increase gradually.
- Not having a working rua address. Without reports you are flying blind when upgrading policy.
- Upgrading before DKIM is confirmed working. DMARC policy only helps when authentication is solid.
Frequently asked questions
Related fix guides
- DMARC Record Not Found: What It Means and How to Fix It
- DKIM Selector Not Found: What It Means and How to Fix It
- DMARC Alignment Failure: What It Means and How to Fix It