Back to Blog

How to Set Up the DMARC Policy for Quarantine or Rejection

Your domain does not have a DMARC policy configured to either quarantine or reject non-compliant mail, as shown by the warning "DMARC quarantine reject policy not enabled." Many other providers issue identical warnings when your DMARC policy is not robust enough, even though mxtoolbox.com is the source of this precise wording.

How to Set Up the DMARC Policy for Quarantine or Rejection
5/21/2025

The following are typical alternative cautions, for instance:

  • "DMARC policy is not activated."
  • "The DMARC is not in enforcement." This circumstance is best described by
  • Valimail as "DMARC policy set to monitoring only."


If you are unaware of DMARC yet, read our article on What is DMARC? It will give you lots of knowledge that will help you as we explain the meaning of this paying attention and how to resolve it.


Your DMARC policy is either set to p=none (sometimes called monitoring mode) or does not exist if this warning appears. By not establishing a policy, you are losing out on the majority of DMARC's advantages, even though monitoring is fantastic because it allows you to see what emails are sent using your domain. Because it makes it simpler for hackers to create forged emails that mimic your domain, this could pose a threat to the security of your emails.


How can I resolve "DMARC Quarantine Reject Policy Not Enabled?

Now that we know why the 'DMARC Policy is Not Enabled' message shows when you send emails to your clients, let us take a look at how you may remedy this problem.


1. Define your DMARC specifications.

As previously mentioned, you must set up a DMARC policy, which will dictate

what happens to emails that don't pass SPF and DKIM authentication checks. Your DMARC policy can be configured to do one of three things


2. Reject illegal emails

Any email that fails both SPF and DKIM tests will be completely prevented from getting to the recipient's inbox if the DMARC policy is set to "p=reject." This is the most stringent and secure choice since it stops unsanctioned or potentially dangerous emails from being sent.


3. Save unofficial emails for further examination.

Emails that fail authentication are flagged as suspicious and routed to the recipient's spam or trash folder by the receiving server when using the "p=quarantine" DMARC policy. After that, the recipient chooses whether to read the email or disregard it


4. Do nothing on the unofficial emails

Emails that fail SPF and DKIM authentication checks will not be handled if the DMARC policy is set to "p=none." Emails will still reach the recipient's inbox whether they pass or fail. Usually used for monitoring, this policy lets you gather information about email activities without interfering with email delivery.


5. Republish your DMARC record using the most recent version of the policy.

Republish or publish your DMARC record using the revised policy if you're happy with how your emails are interacting with receiving servers. This implies that you will need to update the DMARC record in your domain's DNS settings to reflect the new policy when you change your DMARC policy from p=none to p=quarantine or p=reject for stronger enforcement.


In the very first occur, why should you accept the DMARC policy?

In order to make sure that your domain is sufficiently safeguarded from BEC and direct-domain spoofing attempts, DMARC—an acronym for Domain-based Message Authentication, Reporting, and Conformance—is a standard for validating outgoing email messages. In order to find a match, DMARC aligns the from: domain, DKIM signature domain, and Return-path domain (bounce address).


This prevents unsanctioned sources from sending emails that seem to be from you and helps to confirm the legitimacy of the sender. Your digital purchase goods, which is in charge of your online identity, is your company domain. Email marketing is used by businesses of all sizes to reach and interact with their customers.


However, if your domain is spoofing and hackers send phishing emails to your clients, it will negatively affect not just your email marketing efforts but also your company's credibility and reputation. For this reason, using DMARC is essential to protecting your identity. To begin DMARC implementation for your domain: Start the DNS management console. Go to the records section.


To enable DMARC for your domain:

Publish your DMARC record, which you can create quickly with our free DMARC record generating tool, and set up a DMARC policy that will dictate how the receiving MTA handles messages that fail authentication tests.

You're done once your DNS has processed these changes, which may take 24 to 48 hours.

After configuring it for your domain, use our free DMARC record lookup tool to confirm that your record is correct if you're still receiving the "No DMARC Record Found" problem 48 hours later.


Solving the "Cloudflare DMARC Policy Not Enabled" error

You must login your Cloudflare DNS management interface and publish a DMARC record with the policy parameter defined if you are using Cloudflare as your DNS hosting provider in order to remove this problem. For optimal results, generate your record using an automated tool.

  • To access your DNS control interface, sign in to your Cloudflare account.
  • Decide on a domain name.
  • Choose "DNS" from the menu bar on the left.
  • Click "Add Records" under your domain's DNS control section.


Use our DMARC generator tool to create your record. It just takes a couple of seconds! [After creating your record value, copy it.


NOTE: Be sure to select the correct policy mode when establishing your DMARC record. For your record, the p= field shouldn't be empty. Set Type to "TXT," TTL to "Auto," and Name to "_dmarc" in the add records section. Then, paste the tool-generated value in the value field.

Save modifications


Frequent Asked Questions


1. Why is a quarantine or rejection policy important?

A policy of quarantine or rejection is essential to:

Prevent unlawful use to safeguard the reputation of your brand.

Retain client trust by exhibiting robust security procedures.


2. What distinguishes a refuse policy from a quarantine?

Quarantine Policy: Emails that raise suspicion are routed to the spam folders of the receivers.

Reject Policy: Authentication-check-failing emails are stopped and never get to the receiver.

The Email Security Score tool makes it simple to check your current security level.


3. How can I see what my DMARC settings are right now?

To confirm your DMARC record, use programs like DMARC Checker command-line tools like dig. Please make sure that the policy (p=tag) is set to "quarantine" or "reject," rather than "none."

Table of Contents

Blog
Continue reading
blog image

How does DMARC be Affective?

In order to comprehend how DMARC works, you should be conscious that it requires either an SPF or DKIM record, probably both. When an email becomes available, the receiving server performs a DNS (Domain Name System) lookup to see if there is an existing DMARC record.

blog image

DMARC pct Tag: what it is, Why you need it

Percentage is what the pct tag in a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record stands for, and it helps you apply your DMARC policies slowly.

blog image

DMARC Alignment: Why It's Important and How to achieve It

Email remains one of the most potential commercial communication tools, but it is also one of the most commonly misused by cybercriminals. From phishing to spoofing, attackers use bogus emails to trick users and harm brands. This is where Domain-based Message Authentication, Reporting, and Conformance (DMARC) come in. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a powerful email authentication as standard that protects your inbox from phishing and spoofing assaults. However, it is not a one-size-fits-all solution; to realize its full potential, a specialized strategy is required. However, for DMARC to function properly, one key component must be in place.

Secure Your Emails Today Take the First Step!
DMARCLYTICSDMARCLYTICS

Tools

Aggregate ReportEmail Spam TestingSPF CheckerDKIM CheckerDMARC Checker

Company

About UsData Center LocationFeaturesKnowledge Base

Support

Privacy PolicyTerm of ServiceContact UsCareer
©2025 All Rights Reserved