Here’s my take on using the ‘Quarantine’ setting with DMARC.
Assuming you have been monitoring DMARC reports and are sure that all authentication is operating as it should be, my view is that you may be better to jump straight to ‘Reject’, with a percentage qualifier set than change to ‘Quarantine’ as a phase-in testing strategy.
Here’s my reasoning:
- ‘Reject’ supplies the sender with immediate, concrete feedback
- ‘Quarantine’ may supply feedback, but it’s not guaranteed, although this should be reflected in DMARC reporting
- While recipients may receive Quarantined emails in their spam folder, they’re unlikely to go looking there for them
- If Quarantined emails are classified as spam, this could hurt your sender reputation with the receiver’s email systems
- If you’re confident in your domain authentication configuration, Quarantine seems like a superfluous step.
Am I missing something here?
I’m interested to get the forum’s feedback on this.
Sam.