Mail going to quarantine

Hi All,

I am new to this forum. I was directed to this forum as I am currently working with DMARC and email quarantine. The issue I’m facing is that in the Google Admin console, it says that messages that are spam or possibly malicious are rejected and a rejection email is sent to the sender. However, I think maybe they are going into the end user's spam folder.

I want to be able to see the messages in the quarantine, due to the fact that the client gets invoices from an important source. When I view the email search logs, it shows the messages from the source are being held for moderation. However, I don’t see any in quarantine. If I change the DMARC policy from p=none to p=quarantine, should that tell the server to put them into quarantine? This stuff was never set up for the client from the beginning, so I’m trying to set it up right.

Thanks,

Hi jctech2025 and welcome to the forums!

This is a good question, and the answer is: “It depends”.

The quarantine policy deployed on your domain will only affect the disposition of emails failing DMARC sent on behalf of your domain. If the domain is sent with an RFC5322 From header of @yourdomain, and fails a DMARC check, and your DMARC record is set to p=quarantine, then yes, Google will quarantine the message.

The reason I am outlining the above is that in your descriptions it is not clear whether or not you’ve established the emails are sent on behalf of your domain. If it is, then a log search, especially if you have the Google Investigation Tool, which is dependent on your license level. More information on this tool can be viewed here: Gmail log events - Google Workspace Admin Help

I hope this helps. If you are a dmarcian customer, I recommend reaching out to support@dmarcian.com as we can ask for more specific account and domain details to help you further.

Hi Asher,

Thanks for the input. From what I can tell the mails are spoofing, if you will. I have checked the IP addresses of some of the emails and they for sure are not from staff within the domain. We have had several emails coming in from someone posing as the owner of the company.

My hope is that if I change the policy to “quarantine”, I will start to see emails showing in the moderation tool. I hope this helps? Like I said, this is somewhat new to me, however I am trying to get it configured correctly.

An email failing DMARC for a domain having published a policy action of “quarantine” will be quarantined by Google if it has been set up. More about reviewing quarantined emails can be found here.

It sounds like that is already what you had in mind. Good luck and wishing you success on your DMARC journey!

Hi Asher,

Just now seeing your post. Yeah that is what I had in mind. I’m hoping that instead of the emails getting sent to junk or spam, they get quarantined then we review and go from there. And thanks, I hope I make this way better for the client. Learning a lot about DMARC. I’ll reference the link you provided.

I’ll update the thread on what happens. I felt like I was going in circles for a bit.

Hi All,

Reaching back out to this thread. I now have the DMARC policy set to quarantine, and the DMARC monitor that I’m using says that 13 messages have been quarantined. When I go to the manage quarantine, I don’t see any messages. I read that when messages are quarantined they won’t show up in the end user's spam folder. I don’t think I’m missing something, maybe I am though?

Thanks,

DMARC data will communicate the DMARC action taken on a message by the receiving system which performed the check. You can only review emails quarantined due to DMARC if your domain was the recipient of those messages. Assuming your environment is set up correctly, there is a high likelihood you were not the recipient of the messages you are reviewing DMARC data for.
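
As an added illustration of the reply above (not part of the original thread, and not code from dmarcian or Google): DMARC aggregate reports name the receiving organization that applied each disposition, so a monitor's "quarantined" total can be broken down per receiver. The domain, receiver names, IP addresses and counts below are constructed sample data in the RFC 7489 aggregate report layout.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: one aggregate report per reporting receiver.
def _report(org, rows):
    recs = "".join(
        f"<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
        f"<policy_evaluated><disposition>{disp}</disposition>"
        f"<dkim>{res}</dkim><spf>{res}</spf></policy_evaluated></row></record>"
        for ip, n, disp, res in rows
    )
    return (f"<feedback><report_metadata><org_name>{org}</org_name></report_metadata>"
            f"<policy_published><domain>client.example</domain><p>quarantine</p>"
            f"</policy_published>{recs}</feedback>")

REPORT_A = _report("receiver-a.example", [
    ("192.0.2.10", 9, "quarantine", "fail"),   # spoofed mail, quarantined by receiver A
    ("198.51.100.7", 40, "none", "pass"),      # legitimate mail, delivered
])
REPORT_B = _report("receiver-b.example", [
    ("192.0.2.10", 4, "quarantine", "fail"),   # same source, quarantined by receiver B
])

def quarantined_by_receiver(reports):
    """Return {reporting org: Counter({source_ip: quarantined message count})}."""
    # Reports arrive from third parties; a hardened parser such as defusedxml
    # is the safer choice outside of a demo with constructed input.
    out = {}
    for xml_text in reports:
        root = ET.fromstring(xml_text)
        org = root.findtext("report_metadata/org_name", default="unknown")
        per_ip = out.setdefault(org, Counter())
        for row in root.iterfind("record/row"):
            if row.findtext("policy_evaluated/disposition") == "quarantine":
                per_ip[row.findtext("source_ip")] += int(row.findtext("count", "0"))
    return out

if __name__ == "__main__":
    for org, per_ip in quarantined_by_receiver([REPORT_A, REPORT_B]).items():
        for ip, n in per_ip.items():
            print(f"{org} quarantined {n} message(s) from {ip}")
```

Each quarantined message sits in the quarantine of the receiver named in `org_name`; none of these rows by themselves show that the message was addressed to a mailbox in your own tenant.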

I’ll have to check the email search logs again. Last time I checked several recipients were staff members I onboarded.