Suped

How does the pct tag in DMARC work when p and sp are set to none?

9 Marketer opinions6 Expert opinions3 Technical articles5 Resources

Summary

When DMARC's 'p' (policy) and 'sp' (subdomain policy) are set to 'none', the 'pct' (percentage) tag defines the portion of email messages analyzed for DMARC reporting, enabling a phased approach to DMARC implementation. While some suggest 'pct' might have limited effect in this scenario, the consensus across experts and documentation is that 'pct' allows domain owners to monitor DMARC performance and identify authentication problems without immediately impacting email deliverability. It acts as a tool to assess the impact of stricter policies (quarantine or reject) on a subset of emails, facilitating a gradual rollout strategy and informed adjustments before full enforcement. While primarily for reporting, some interpretations suggest 'pct' designates the percentage of messages failing DMARC for policy application once stricter policies are enabled. Using 'pct=100' ensures reports on all mail flow. Starting with p=none and incrementally adjusting pct supports cautious deployment, minimizing disruptions.

Key findings

  • Monitoring, Not Enforcement: The 'pct' tag primarily serves to generate DMARC reports (RUA) when 'p=none', not to enforce a specific policy.
  • Phased Implementation Support: The 'pct' is crucial for a phased DMARC implementation approach, allowing gradual policy enforcement.
  • Risk Mitigation: The 'pct' provides insights and mitigation of risk before enforcing DMARC, allowing domain owners to ensure deliverability and avoid sending legitimate email to spam.
  • Full Visibility Option: A 'pct=100' setting ensures reports (RUA) for complete email traffic monitoring are received, enhancing awareness.
  • Policy Dial: 'pct' controls how many messages are impacted by stricter policies in a gradual deployment.

Key considerations

  • Start with p=none: Start your initial DMARC setup with 'p=none' to prevent unintended deliverability problems.
  • Monitor Regularly: Routinely monitor DMARC reports generated by the 'pct' setting and reporting to pinpoint authentication discrepancies or potential failures.
  • Accurate Percentage Choice: Select a representative 'pct' and reporting value that is relative to the mail flow and is large enough to show problems.
  • Test and Adjust: Prior to deploying stricter policies, test and calibrate SPF, DKIM and DMARC configurations based on insights drawn from reports.
  • Compliance: Comply with RFC7489 specifications and guidelines to ensure appropriate 'pct' implementation (0-100 range).

What email marketers say
9Marketer opinions

When DMARC's 'p' (policy) and 'sp' (subdomain policy) tags are set to 'none,' the 'pct' (percentage) tag specifies the portion of emails to be analyzed for DMARC reporting. While 'p=none' doesn't enforce any action (quarantine or reject), 'pct' enables monitoring the potential impact of stricter policies on a subset of emails. This dry-run approach helps identify authentication issues and fine-tune configurations before full DMARC enforcement, minimizing the risk of false positives and deliverability problems. It's also noted that the precise application of 'pct' can be ambiguous, with differing interpretations on whether it applies to a percentage of messages that fail DMARC or all messages.

Key opinions

  • Monitoring without Enforcement: The 'pct' tag allows you to monitor DMARC results through reports (RUA) without impacting email deliverability when 'p=none'.
  • Dry-Run for Stricter Policies: Using 'pct' helps evaluate the potential impact of quarantine or reject policies on a smaller subset of emails before full implementation.
  • Gradual Rollout: 'pct' enables a gradual rollout of DMARC policies, allowing for adjustments before enforcing stricter policies.
  • Identify Authentication Issues: 'pct' setting allows you to identify and fix any authentication problems before enforcing a stricter policy.
  • Ambiguity in Interpretation: There is some ambiguity in the interpretation of how 'pct' applies, specifically whether it applies to messages failing DMARC or all messages.

Key considerations

  • Report Analysis: Regularly analyze DMARC reports (RUA) to understand authentication failures and potential impacts on legitimate email.
  • Percentage Selection: Choose a 'pct' value that provides a representative sample of your email traffic for accurate monitoring.
  • Policy Adjustment: Based on the DMARC reports, adjust your email authentication setup (SPF, DKIM) before moving to stricter DMARC policies (quarantine or reject).
  • Full Visibility: Setting pct=100 ensures reports on all of your mail flow to help with monitoring.
Marketer view

Email marketer from EmailSecurityBlog.com shares that pct can be useful with p=none because it still allows you to receive aggregate reports (RUA) on a percentage of your mail flow, giving you visibility into potential DMARC failures without impacting deliverability.

October 2024 - EmailSecurityBlog.com
Marketer view

Email marketer from StackOverflow answers that using pct with p=none allows you to test your DMARC setup without risking deliverability issues. By analyzing DMARC reports for a sample of your email traffic, you can identify and fix any authentication problems before enforcing a stricter policy.

August 2021 - StackOverflow
Marketer view

Email marketer from Mailhardener explains that the 'pct' tag allows a gradual rollout of DMARC policies. Even with 'p=none', setting a 'pct' value helps monitor how a future stricter policy (quarantine or reject) might affect legitimate email flow, acting as a testing phase.

February 2025 - Mailhardener
Marketer view

Email marketer from EmailGeekForum discusses using 'pct' with 'p=none' as a 'dry run' to observe DMARC results without impacting email delivery. This way, adjustments can be made before implementing stricter policies.

September 2024 - EmailGeekForum.net
Marketer view

Email marketer from Reddit explains that while 'p=none' means no action is taken, using 'pct' helps evaluate the impact of a quarantine or reject policy on a subset of emails. This allows analysis of potential false positives before full rollout.

March 2024 - Reddit
Marketer view

Marketer from Email Geeks clarifies that 'none' doesn't mean letting everything through, but rather requests receivers to not let DMARC validation results impact message disposition.

June 2021 - Email Geeks
Marketer view

Email marketer from EasyDMARC explains that the purpose of the PCT tag is to enforce the DMARC policy gradually. Even with ‘p=none’, you can monitor DMARC reports and see if any legitimate email sources are failing authentication, allowing you to make necessary adjustments without impacting deliverability for all of your email.

July 2022 - EasyDMARC
Marketer view

Marketer from Email Geeks explains the ambiguity of the pct tag, questioning whether it applies to a percentage of messages that fail DMARC or a percentage of all messages, and emphasizing the uncertainty of applying a policy to messages that passed DMARC.

February 2024 - Email Geeks
Marketer view

Email marketer from MXToolbox explains that during DMARC configuration, the 'pct' tag (with 'p=none') allows for monitoring DMARC results on a percentage of your mail stream, helping in identifying issues before fully enforcing DMARC policies.

August 2021 - MXToolbox

What the experts say
6Expert opinions

When DMARC policies (p and sp) are set to 'none', the 'pct' tag's primary function is to enable reporting on a percentage of email traffic, even though no enforcement actions are taken. While one expert suggests 'pct' might have negligible effects except in edge cases, the consensus is that 'pct' allows domain owners to monitor DMARC performance and identify authentication issues without impacting deliverability. It acts as a dial for trust in the setup, guiding a phased deployment: starting with 'p=none', gradually increasing 'pct' with stricter policies like quarantine and reject. The 'pct' dictates the percentage of messages analyzed for reports (RUA), with a 'pct=100' setting ensuring full visibility. When 'p=reject' and 'pct=50', failing messages are split between reject and quarantine.

Key opinions

  • Reporting, Not Enforcement: With 'p=none', the 'pct' tag primarily functions for generating DMARC reports (RUA), not enforcing policies.
  • Phased Deployment: The 'pct' tag is instrumental in a phased DMARC deployment: 'p=none', gradual increase with stricter policies (quarantine, reject).
  • Visibility Dial: The 'pct' serves as a dial to control visibility and trust in the DMARC setup.
  • Full Traffic Monitoring: A 'pct=100' setting ensures reports (RUA) on all email traffic are received.
  • Policy Mix: When 'p=reject', 'pct' determines how failing messages are handled (e.g., 'pct=50' splits between reject and quarantine).

Key considerations

  • Early Deployment Strategy: Start with 'p=none' to avoid deliverability issues during initial DMARC setup.
  • Report Analysis is Key: Regularly monitor DMARC reports (RUA) generated through the 'pct' setting to identify authentication failures.
  • Percentage Selection Importance: Select 'pct' to align with traffic volume and reporting needs.
  • Policy Adjustments after Reporting: Adjust authentication settings (SPF, DKIM) based on findings from reports before escalating to stricter policies.
  • Gradual Increase: Gradually increase the pct while enforcing a reject or quarantine policy so that you can fix deliverability problems on a smaller set of email before increasing the pct.
Expert view

Expert from Email Geeks states that with p and sp set to none, pct will not have any effect, except possibly in some rare edge cases with specific mailing list managers.

December 2023 - Email Geeks
Expert view

Expert from Email Geeks shares early DMARC deployment advice: start with p=none, switch to quarantine at pct=1, gradually increase to 100, and then repeat with reject.

February 2024 - Email Geeks
Expert view

Expert from Word to the Wise explains that when using `p=none`, the `pct` tag dictates the percentage of messages that will be analyzed and reported on in the DMARC reports. Even though no enforcement action is taken, the reports provide insights into potential DMARC failures and authentication issues within the specified sample size.

September 2024 - Word to the Wise
Expert view

Expert from Email Geeks clarifies that the intention of the pct tag is to apply the policy to a percentage of messages that fail DMARC, and describes it as a dial for how much the domain owner trusts their own DMARC setup.

November 2022 - Email Geeks
Expert view

Expert from Email Geeks explains that with pct=50 and p=reject, half of the messages failing authentication are rejected, and the other half are quarantined, as defined in the RFC.

January 2022 - Email Geeks
Expert view

Expert from Spam Resource shares that even with 'p=none', setting 'pct=100' ensures you receive reports (RUA) on *all* of your mail flow, which is essential for monitoring DMARC performance and identifying potential authentication issues. This provides full visibility without impacting deliverability while in 'p=none' mode.

July 2023 - Spam Resource

What the documentation says
3Technical articles

Official documentation from DMARC.org, RFC7489, and Google Workspace Admin Help consistently describes the 'pct' tag in DMARC as the percentage of messages from the domain owner's mail stream to which the DMARC policy should be applied. When the policy ('p') is set to 'none', the 'pct' tag facilitates a phased adoption of DMARC, allowing administrators to gradually increase the scope of DMARC reporting. This process enables monitoring the impact of stricter policies before full implementation. The specified percentage value must be between 0 and 100 (inclusive).

Key findings

  • Percentage of Mail Stream: The 'pct' tag defines the percentage of messages to which the DMARC policy is applied.
  • Phased Adoption: The 'pct' tag is key for a phased DMARC adoption strategy.
  • Monitoring Before Enforcement: With 'p=none', 'pct' allows monitoring the impact of stricter policies without active enforcement.
  • Value Range: The 'pct' value must be between 0 and 100, inclusive.

Key considerations

  • Gradual Increase: Gradually increase the 'pct' value to monitor the impact of DMARC policies on a larger portion of your mail stream.
  • Policy Impact Monitoring: Carefully monitor DMARC reports to assess the impact of potential 'quarantine' or 'reject' policies before full implementation.
  • RFC Compliance: Ensure that the 'pct' value complies with the RFC7489 specification.
  • Integration with Reporting: Ensure that the 'pct' tag setting is integrated with your DMARC reporting mechanisms.
Technical article

Documentation from RFC7489 defines the 'pct' tag as the percentage of messages from the Domain Owner's mail stream to which the DMARC policy is to be applied. The documentation specifies that the value MUST be between 0 and 100 (inclusive).

August 2022 - RFC Editor
Technical article

Documentation from DMARC.org explains that the 'pct' tag specifies the percentage of messages to which the DMARC policy is applied. When 'p=none', it suggests receivers monitor the impact of a stricter policy before full implementation, gradually increasing the percentage to enforce the policy on more of the mail stream.

September 2024 - DMARC.org
Technical article

Documentation from Google Workspace Admin Help explains the pct tag is used for phased DMARC adoption. Even with p=none, you can set a percentage to gradually increase the scope of DMARC reporting and eventual policy enforcement.

September 2023 - Google Workspace Admin Help

Related resources
5Resources

Understanding the DMARC pct (percentage) tag – what you need to ...
Understanding the DMARC pct (percentage) tag – what you need to ...

Not sure what the DMARC pct tag does? There’s a right way and a wrong way to use this tag—use it wrong, and you could expose your brand to bad actors.

Valimail -
The DMARC Record Explained - postale.io
The DMARC Record Explained - postale.io

In this post we’ll explore in detail what a DMARC record is, why you should absolutely have one, and how to use it. If you want to understand DMARC, come along! What Is a DMARC Record DMARC stands for Domain-based Message Authentication, Reporting and Conformance. Quite a mouthful. It designates a system allowing domain owners […]

postale.io
What DMARC Policy Should Senders Use in 2025?
What DMARC Policy Should Senders Use in 2025?

Are you using DMARC to authenticate your emails? Find out why this technical specification matters and learn about best DMARC policy.

Email on Acid
What is DMARC? How it works and why you need it
What is DMARC? How it works and why you need it

It's not a question of whether you need a DMARC policy, but moreso how quickly you should set one up. Here's a crash course on email authentication.

Vero
What are DMARC Tags? | EasyDMARC
What are DMARC Tags? | EasyDMARC

DMARC tags specify actions a receiving server has to take if an email fails the DMARC test. Read our explanatory article about all DMARC tags.

EasyDMARC

Related questions