What are the implications of using a DMARC policy of p=none?
Summary
What email marketers say9Marketer opinions
Email marketer from StackOverflow explains that the main reason to use p=none is for monitoring. You get reports showing which IPs are sending mail using your domain, and how many are failing DMARC. You use this info to adjust your SPF and DKIM settings before enforcing DMARC.
Marketer from Email Geeks agrees with starting with a DMARC policy of 'None' based on his readings and webinars.
Marketer from Email Geeks shares that they've heard that 'p=none' is essentially the same as not having a DMARC policy because it instructs the mailbox provider (MBP) to accept the email even if it fails authentication.
Email marketer from EasyDMARC shares that setting DMARC to p=none is like a reconnaissance mission. It gives you crucial insights into who is sending emails on behalf of your domain without affecting email deliverability, which is important for identifying potential spoofing or unauthorized senders.
Email marketer from Postmark explains that using p=none is a safe first step when implementing DMARC. It allows you to identify all your sending sources and ensure they're properly authenticated before moving to a stricter policy that could block legitimate emails.
Email marketer from Reddit explains that p=none allows all email to pass, even if it fails DMARC. The purpose is to gather data and analyze email traffic before taking more restrictive action.
Email marketer from Mailjet shares that a policy of p=none lets you collect data about your email authentication status without impacting deliverability. You can see where emails are coming from and if any are failing authentication, which helps in identifying legitimate sending sources.
Marketer from Email Geeks explains that some mistakenly believe 'None' means emails *must* be delivered to the inbox even if they fail DMARC. In reality, it means the sender is telling the receiver, 'Do not do anything different than what you are already doing when it fails DMARC'.
Email marketer from Email Marketing Forum shares that with p=none, you can identify which third-party services (like marketing automation platforms) are sending emails on your behalf and whether they are correctly configured with SPF and DKIM. This prevents legitimate emails from being blocked when you transition to a stricter policy.
What the experts say4Expert opinions
Expert from Word to the Wise shares that using p=none allows you to see how your email is being handled without causing deliverability problems. It is also an important tool to help you find places that send mail you don’t know about. It can also help you find authentication problems in your known sending sources.
Expert from Email Geeks explains that starting with a DMARC policy of 'None' is advisable, as enforcing it too early can risk losing mail.
Expert from Spam Resource explains that using 'p=none' is primarily for monitoring purposes. It allows domain owners to receive reports on email traffic using their domain, including information on authentication failures, without affecting the delivery of legitimate emails. It helps identify legitimate sending sources that might not be properly configured.
Expert from Email Geeks clarifies that a DMARC policy of 'None' means that no specific action should be taken based on the DMARC evaluation outcome but that RUA data should still be sent.
What the documentation says3Technical articles
Documentation from Google Workspace Admin Help explains that setting a DMARC policy to p=none allows you to monitor DMARC reports without impacting email delivery. It advises regularly reviewing these reports to identify sending sources and authentication issues before moving to a stricter policy.
Documentation from DMARC.org explains that a DMARC policy of p=none means 'take no action' regarding emails that fail DMARC authentication. It's primarily used for gaining visibility into email streams and assessing the impact of moving to stricter policies.
Documentation from Microsoft Learn explains that a DMARC policy of p=none allows messages to be delivered regardless of DMARC status, but reports are sent to the address specified in the DMARC record's RUA tag. This is useful for monitoring email sources without immediately affecting deliverability.