How to change DMARC records from none to quarantine for BIMI?

Summary

Transitioning DMARC from 'none' to 'quarantine' for BIMI requires a strategic, phased approach. Experts and documentation emphasize the critical need for meticulous monitoring of DMARC reports to identify legitimate email sources, ensuring they are properly authenticated with SPF and DKIM. A gradual increase in the quarantine enforcement percentage is advised, starting with a small percentage and scaling up as confidence in the authentication setup grows. Employing DMARC reporting tools for visibility is also recommended. For a successful BIMI implementation, a 'quarantine' or 'reject' DMARC policy is mandatory, along with a valid VMC certificate. Seeking expert assistance is suggested, especially for those new to DMARC, to prevent deliverability issues.

Key findings

  • BIMI Requirement: BIMI requires a DMARC policy of either 'quarantine' or 'reject'.
  • Phased Transition: A phased approach—starting with 'none', moving to 'quarantine', and potentially to 'reject'—is recommended.
  • Monitoring is Key: Careful monitoring of DMARC reports is crucial throughout the transition and beyond.
  • SPF/DKIM Alignment: Ensuring proper SPF and DKIM alignment for all sending sources is essential.
  • Reporting Tools: DMARC reporting tools provide crucial visibility into authentication results.

Key considerations

  • Strategic Planning: The transition requires careful planning to avoid disrupting legitimate email flow.
  • Gradual Enforcement: Gradually increase the quarantine percentage to minimize the risk of blocking legitimate emails.
  • VMC Certificate: A valid VMC certificate is required for displaying your logo with BIMI.
  • Expert Assistance: Consider seeking expert help if you lack experience with DMARC implementation.
  • Regular Review: Regularly review DMARC reports and adapt the policy as needed to maintain email security and deliverability.

What email marketers say
9Marketer opinions

Transitioning DMARC records from 'none' to 'quarantine' for BIMI implementation is a multi-step process that requires careful planning and monitoring. The primary goal is to enhance email security and enable BIMI logo display without disrupting legitimate email flow. Experts recommend a phased approach, starting with thorough analysis of DMARC reports to identify and authenticate all legitimate email sources using SPF and DKIM. Continuous monitoring of DMARC reports and gradual increases in the quarantine policy enforcement are crucial to prevent deliverability issues. Several experts suggest using DMARC reporting tools to gain visibility into authentication results and consider professional help if unsure.

Key opinions

  • Phased Approach: A phased approach, moving gradually from 'none' to 'quarantine', is essential for a smooth transition.
  • DMARC Reports Analysis: Thorough analysis of DMARC reports is critical to identify and authenticate all legitimate email sources before implementing 'quarantine'.
  • SPF/DKIM Alignment: Ensuring proper alignment of SPF and DKIM records for all email sources is necessary to avoid false positives.
  • BIMI Requirement: A DMARC policy of 'quarantine' or 'reject' is a prerequisite for BIMI implementation.
  • VMC Certificate: A valid VMC certificate verifying your logo is needed for BIMI to display your logo.

Key considerations

  • Monitoring: Continuous monitoring of DMARC reports is essential to detect and address any deliverability issues during and after the transition.
  • Reporting Tools: Utilizing DMARC reporting tools provides visibility into authentication results and helps track the impact of policy changes.
  • Gradual Enforcement: Gradually increasing the enforcement percentage of the 'quarantine' policy allows for controlled testing and minimizes the risk of blocking legitimate emails.
  • Professional Help: Seeking assistance from email authentication experts can be beneficial, especially for those unfamiliar with DMARC implementation.
  • Testing: It is important to test BIMI implementation before making the DMARC policy live to ensure the correct implementation.
Marketer view

Email marketer from Mailhardener's Blog explains that BIMI helps display your logo in email inboxes, you'll need a DMARC policy set to either quarantine or reject. Make sure to have a valid VMC certificate, which verifies your logo. They emphasize monitoring DMARC reports to prevent deliverability issues.

February 2023 - Mailhardener Blog
Marketer view

Email marketer from EmailSecuritySPF Forum shares that switching to a 'quarantine' policy requires careful monitoring. It's important to use a DMARC reporting tool to get visibility into email authentication results. The marketer suggests gradually increasing the enforcement percentage (e.g., start with 10% quarantine) and monitoring the impact on deliverability.

August 2022 - EmailSecuritySPF Forum
Marketer view

Marketer from Email Geeks shares the process for implementing BIMI or deploying DMARC with an enforcing policy, which involves reviewing DMARC aggregate reports, ensuring all email sources have aligned SPF and DKIM, switching over when aligned, and monitoring reports for problems, along with updating internal SOPs.

October 2023 - Email Geeks
Marketer view

Email marketer from Reddit explains that before changing to a 'quarantine' policy, thoroughly analyze DMARC reports to identify all legitimate email sources and ensure they are properly authenticated with SPF or DKIM. Address any authentication failures before implementing the 'quarantine' policy to avoid impacting legitimate email delivery.

July 2022 - Reddit
Marketer view

Email marketer from OnlyMyEmail Blog states that transitioning to quarantine for DMARC is an important step to take for security. You should first monitor DMARC with a none policy, then gradually change to a quarantine policy over time. They also suggest getting professional help if unsure.

March 2024 - OnlyMyEmail Blog
Marketer view

Email marketer from StackOverflow notes that to successfully implement BIMI, a DMARC policy of either 'quarantine' or 'reject' is necessary. However, make sure you have valid SPF and DKIM records set up correctly, and have been monitoring DMARC reports to prevent blocking legitimate emails. They suggest testing thoroughly before fully implementing quarantine.

December 2021 - StackOverflow
Marketer view

Email marketer from EmailGeek Forums shares their experience of changing DMARC to quarantine and states the main thing is monitoring your dmarc reports. Without this you will have no idea what you are quarantining or rejecting. They would suggest working with an expert to help you.

October 2024 - EmailGeek Forums
Marketer view

Marketer from Email Geeks shares that they moved to p=reject for BIMI and haven't seen any issues, while also providing a link to a BIMI generator resource.

September 2023 - Email Geeks
Marketer view

Marketer from Email Geeks suggests using a service to visualize DMARC reports (e.g., dmarcian.com) and emphasizes the importance of not rushing from a p=none policy to an enforcing policy to avoid breaking legitimate mail.

January 2022 - Email Geeks

What the experts say
2Expert opinions

Experts highlight the importance of a well-planned transition from a DMARC 'none' policy to 'quarantine' for BIMI implementation. They advise careful monitoring of DMARC reports, gradual increases in the quarantine percentage, and verifying SPF and DKIM records. They also recommend using tools to identify email sources and ensure a smooth transition.

Key opinions

  • Monitoring Importance: Careful monitoring of DMARC reports is critical during the transition to 'quarantine'.
  • Gradual Increase: Starting with a small quarantine percentage and gradually increasing it is recommended.
  • SPF/DKIM Verification: Checking both SPF and DKIM records is essential for proper email authentication.
  • Tool Usage: DMARC monitoring tools are helpful for identifying email sources.

Key considerations

  • Planning: The transition from 'none' to 'quarantine' should be carefully planned.
  • Authentication Setup: Ensure confidence in your email authentication setup before increasing the quarantine percentage.
  • BIMI Requirement: BIMI requires a DMARC quarantine or reject policy, making the transition necessary.
Expert view

Expert from SpamResource emphasizes the importance of careful monitoring of DMARC reports when transitioning from 'none' to 'quarantine'. They advise starting with a small percentage of quarantine and gradually increasing it as you gain confidence in your email authentication setup. It's also important to remember to check both SPF and DKIM records.

December 2024 - SpamResource
Expert view

Expert from Word to the Wise highlights that while BIMI requires a DMARC quarantine or reject policy, the transition to a more restrictive policy from 'none' needs to be carefully planned. They suggest that users should use a tool like the WtW DMARC monitoring tool in order to know what sources are sending emails.

March 2024 - Word to the Wise

What the documentation says
4Technical articles

Documentation emphasizes that changing DMARC to 'quarantine' is a crucial step for BIMI eligibility and email security. This policy instructs recipient servers to place failing emails in spam, acting as a middle ground. A phased approach is advised: start with monitoring under a 'none' policy, gradually transition to 'quarantine', and eventually to 'reject'. Continuous monitoring of DMARC reports is essential throughout to identify and fix authentication issues and prevent unintended quarantining of legitimate emails.

Key findings

  • BIMI Requirement: BIMI requires a DMARC policy of 'quarantine' or 'reject'.
  • Phased Approach: A phased approach (none -> quarantine -> reject) is recommended for DMARC implementation.
  • Quarantine Function: 'Quarantine' places failing emails in the spam folder.
  • Email Security: Moving from 'none' to 'quarantine' helps protect against phishing and spoofing.

Key considerations

  • Monitoring: Continuous monitoring of DMARC reports is essential to identify authentication issues.
  • Gradual Enforcement: Gradually increase policy enforcement to avoid unintended quarantining of legitimate emails.
  • Authentication Issues: Identify and fix authentication issues before enforcing stricter policies.
Technical article

Documentation from Bimigroup.org states that to be eligible for BIMI, a domain must have DMARC set up with either a 'quarantine' or 'reject' policy. This ensures that only authenticated emails can display the brand's logo in supporting email clients. The guide also recommends monitoring DMARC reports and gradually increasing the policy enforcement.

May 2023 - Bimigroup.org
Technical article

Documentation from dmarcian.com advises a phased approach to implementing a DMARC quarantine policy. Start by monitoring DMARC reports with a 'none' policy, then gradually move to 'quarantine', and eventually 'reject'. This allows you to identify and fix any authentication issues before enforcing stricter policies.

January 2024 - dmarcian.com
Technical article

Documentation from Google Workspace Admin Help details the steps involved in implementing DMARC including setting the policy. Moving from p=none to p=quarantine is a suggested step to take to protect your domain from phishing and spoofing. The guide highlights the importance of ongoing monitoring using DMARC reports to ensure no legitimate email is being affected by the new DMARC policy.

April 2021 - Google Workspace Admin Help
Technical article

Documentation from Valimail.com explains that changing the DMARC policy to 'quarantine' instructs recipient mail servers to place messages that fail DMARC checks into the recipient's spam folder. It is a middle-ground option between 'none' (monitor only) and 'reject' (block messages). This transition requires careful monitoring of DMARC reports to ensure legitimate emails are not incorrectly quarantined.

February 2024 - Valimail.com