DMARC p=none vs p=quarantine vs p=reject. Which should you use for cold email?
dns_nerd · 2026-04-02 · 1,760 views
DMARC policy arguments come up in every cold email community. Some people swear you need p=reject or your emails will land in spam. Others say p=none is fine. Here is what actually happens with each policy and what I recommend for cold email domains.
p=none (monitor only). This tells receiving servers: if SPF or DKIM fails, do nothing special. Just deliver the email normally and send me a report about it. The email still gets delivered even if authentication fails. This is the "training wheels" setting. You get DMARC reports showing what is passing and failing without any risk of blocking legitimate emails.
p=quarantine. This tells receiving servers: if SPF or DKIM fails, send the email to spam instead of the inbox. This is a meaningful enforcement step. Legitimate emails with correct authentication still land in the inbox. Only emails that fail authentication get quarantined. This protects your domain from spoofing (someone pretending to send from your domain) while keeping your real cold emails delivering normally.
p=reject. This tells receiving servers: if SPF or DKIM fails, do not deliver the email at all. Just block it entirely. This is the strictest setting. It completely prevents anyone from spoofing your domain. But if your SPF or DKIM has any misconfiguration, even temporarily, your own legitimate emails get rejected. Not sent to spam. Rejected. Gone.
What I recommend for cold email domains:
Start with p=none for the first 2 to 4 weeks after setting up a new domain. During this period, monitor your DMARC reports (you can use free tools like Postmark's DMARC monitoring or dmarcian). Check that SPF, DKIM, and DMARC alignment are all passing consistently. If everything looks clean after 2 to 4 weeks, move to p=quarantine.
Some cold email experts say p=reject is overkill for cold email domains. I agree. Here is why. Cold email domains are disposable by design. You rotate them every few months. The risk of domain spoofing on a domain that only exists for 3 to 6 months is minimal. Meanwhile, the risk of p=reject accidentally blocking your own emails because of a temporary DNS propagation delay or a misconfigured record is real. I have seen it happen. An agency moved 40 inboxes to p=reject, one domain had a DKIM record that took 6 hours to propagate after a change, and every email from that domain was silently rejected for half a day. No bounce notification. No spam folder. Just gone.
The bottom line: The most important thing is having DMARC at all. A domain with p=none and correct SPF and DKIM will outperform a domain with no DMARC record whatsoever. The policy level matters less than the existence of the record. Email providers like Google and Yahoo now check for DMARC presence as a baseline trust signal. No DMARC means your domain looks unauthenticated, and that hurts deliverability regardless of your SPF and DKIM setup.
If you order inboxes from PuzzleInbox, DMARC is configured automatically on every domain. They typically set p=quarantine by default, which is the sweet spot for cold email. You get authentication enforcement without the risk of p=reject silently killing your emails.
Stop overthinking DMARC policy. Set it up, make sure SPF and DKIM are aligned, monitor for a few weeks, and move to quarantine. That is all you need.
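The monitoring step described above (reading DMARC aggregate reports before tightening the policy) can be scripted. The following is an added example, not part of the original post: it parses one aggregate report in the RFC 7489 XML layout and lists the source IPs whose mail failed DMARC, counting a message as failing only when both the DKIM and SPF results in `policy_evaluated` are not `pass`. The sample report, domain and IPs are constructed, and the report is assumed to be already decompressed and to use no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report; example.com and the IPs are documentation values.
# Real reports are untrusted input from third parties: a hardened parser such
# as defusedxml is a sensible substitute for ElementTree in production.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>30</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>5</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def summarize(report_xml):
    """Return (published policy, total messages, {source_ip: messages failing DMARC})."""
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="(missing)")
    total, failing = 0, Counter()
    for row in root.iter("row"):
        count = int(row.findtext("count", default="0"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        total += count
        # One aligned pass (DKIM or SPF) is enough for DMARC to pass.
        if dkim != "pass" and spf != "pass":
            failing[row.findtext("source_ip")] += count
    return policy, total, dict(failing)

def ready_for_quarantine(report_xml, known_senders):
    """True when no message from one of our own sending IPs failed DMARC."""
    _, _, failing = summarize(report_xml)
    return not any(ip in known_senders for ip in failing)

if __name__ == "__main__":
    policy, total, failing = summarize(SAMPLE_REPORT)
    print(f"policy={policy} total={total} failing={failing}")
    print("safe to tighten:", ready_for_quarantine(SAMPLE_REPORT, {"192.0.2.10"}))
```

Failures from IPs that are not in `known_senders` are mail you did not send, which is exactly what p=quarantine would start filtering; failures from your own IPs mean the records need fixing first.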