Suped

Why might an email provider not honor a DMARC p=reject policy?

10 Marketer opinions3 Expert opinions3 Technical articles4 Resources

Summary

Email providers may not honor a DMARC p=reject policy for a multitude of reasons, encompassing technical limitations, strategic decisions, and variations in interpretation. DMARC policies are often seen as suggestions rather than strict rules. Factors such as the desire to avoid blocking legitimate emails due to misconfiguration or forwarding issues, the consideration of sender reputation and user engagement, and the use of internal spam detection mechanisms all influence delivery decisions. Email forwarding often breaks DMARC authentication, leading providers to sometimes disregard the reject policy. Additionally, known and trusted senders may be exempt from strict enforcement to prevent disruption of important communications. The bottom line is that while DMARC p=reject provides a strong signal, individual mailbox providers take a holistic approach to email filtering that goes beyond simply adhering to the policy.

Key findings

  • Policy Suggestion: DMARC policies are often treated as suggestions rather than strict mandates.
  • False Positive Avoidance: Providers prioritize delivering potentially legitimate emails over strict DMARC enforcement to avoid false positives.
  • Holistic Assessment: Mailbox providers consider numerous factors beyond DMARC, including sender reputation, user engagement, and spam filtering algorithms.
  • Forwarding Complications: Email forwarding commonly disrupts DMARC authentication, leading to policy exceptions.
  • Trusted Sender Override: Known and trusted senders may be exempt from strict DMARC enforcement.
  • Provider Variation: Different mailbox providers interpret and implement DMARC policies in varying ways.
  • Reputation Influence: Strong sender reputation can override DMARC reject policies.

Key considerations

  • DMARC as a Guide: Use DMARC as a valuable tool, but understand that it is not the only factor in deliverability.
  • Reputation Building: Focus on establishing and maintaining a positive sender reputation.
  • Engagement Analysis: Monitor user engagement to identify potential issues and improve deliverability.
  • Forwarding Implications: Address potential DMARC failures related to email forwarding.
  • Provider Specifics: Research the specific DMARC implementation policies of major mailbox providers.
  • Configuration Accuracy: Ensure correct DMARC configuration to avoid unintended consequences.
  • Multiple Signals: DMARC is one of many signals used to filter emails.

What email marketers say
10Marketer opinions

Email providers may not always honor a DMARC p=reject policy due to several factors. These include: the policy being a suggestion rather than a strict requirement, the desire to avoid blocking legitimate emails due to misconfigurations or forwarding issues, the consideration of factors beyond DMARC such as sender reputation and user engagement, and the potential for DMARC authentication to fail during email forwarding. Providers also take into account whether the sender is known and trusted, and might override the policy to prevent disruption of important communications. Moreover, the possibility of improper DMARC configuration by the sending domain can lead providers to ignore the 'reject' policy to avoid blocking legitimate but misconfigured email.

Key opinions

  • Policy Suggestion: DMARC 'reject' is a suggestion, not a strict mandate for providers.
  • Preventing False Positives: Providers prioritize delivering potentially important messages even if DMARC fails, to avoid blocking legitimate emails.
  • Holistic Assessment: Mailbox providers consider factors like sender reputation and user engagement in addition to DMARC.
  • Forwarding Issues: Email forwarding often breaks DMARC, leading providers to disregard the 'reject' policy.
  • Known Senders: Trusted senders may bypass DMARC 'reject' to ensure important communications are delivered.
  • Misconfiguration Handling: Providers might ignore 'reject' to avoid blocking legitimate mail due to sender misconfiguration.

Key considerations

  • DMARC as a Signal: DMARC is a strong signal, but not the only factor in deliverability decisions.
  • Reputation Matters: A strong sender reputation can influence how providers treat DMARC failures.
  • User Engagement: User interaction with your emails impacts deliverability, even with DMARC in place.
  • Forwarding Implications: Consider the impact of forwarding on DMARC authentication and adjust strategy accordingly.
  • Configuration Accuracy: Ensure DMARC is configured correctly to avoid unintended deliverability issues.
  • No Guarantee: Implementation of a DMARC policy p=reject does not guarantee rejection of emails.
Marketer view

Email marketer from EasyDMARC states that mailbox providers consider various factors beyond DMARC, like sender reputation and user engagement, to decide whether to deliver, quarantine, or reject an email. The 'reject' policy is not always the only determining factor.

October 2022 - EasyDMARC
Marketer view

Email marketer from Reddit suggests that providers may override DMARC 'reject' policies if the email originates from a known and trusted sender, even if it fails authentication checks. This is to prevent disruption of important communications.

June 2022 - Reddit
Marketer view

Email marketer from EmailSecurityForum mentions that if DMARC is improperly configured by the sending domain, a provider may choose to ignore the 'reject' policy rather than block legitimate but misconfigured email. This ensures users don't miss important messages due to technical errors.

November 2023 - EmailSecurityForum
Marketer view

Email marketer from EmailGeeksForum explains that even with p=reject, high sender reputation can cause providers to override DMARC in order to ensure mail is delivered, especially if the user typically engages with mail from that sender.

December 2024 - EmailGeeksForum
Marketer view

Email marketer from Email Geeks mentions that Microsoft has historically treated reject as quarantine, highlighting that not every Mailbox Provider honors DMARC policies exactly.

May 2021 - Email Geeks
Marketer view

Email marketer from Reddit notes that email forwarding often breaks DMARC authentication, and providers might choose to ignore a 'reject' policy in such cases to ensure forwarded emails still reach their intended recipients.

September 2021 - Reddit
Marketer view

Email marketer from Mailjet shares that some providers might not strictly enforce the 'reject' policy to avoid blocking legitimate emails that fail DMARC due to misconfiguration or forwarding issues, prioritizing the delivery of potentially important messages.

January 2025 - Mailjet
Marketer view

Email marketer from Email Geeks shares that they asked Proton about the issue of not honoring DMARC earlier in the month and Proton is aware of it.

August 2021 - Email Geeks
Marketer view

Email marketer from Email Geeks explains that many providers don't honor p=reject because it's a policy suggestion, not a requirement.

January 2022 - Email Geeks
Marketer view

Email marketer from Postmark shares that some ISPs are hesitant to implement a reject policy due to the risk of blocking legitimate email. They may quarantine it or deliver it to the junk folder instead, even when DMARC enforcement would dictate outright rejection.

June 2024 - Postmark

What the experts say
3Expert opinions

Email providers may not consistently honor a DMARC p=reject policy due to a variety of reasons. These range from technical considerations like issues with email forwarding and variations in how providers interpret and implement DMARC, to strategic decisions such as prioritizing legitimate email delivery over strict policy enforcement and using internal factors like sender reputation and user engagement to make filtering decisions.

Key opinions

  • Provider Interpretation: Mailbox providers interpret and implement DMARC policies differently.
  • Forwarding Issues: Email forwarding can interfere with DMARC authentication.
  • False Positive Concerns: Providers may quarantine instead of reject to avoid blocking legitimate emails.
  • Alternative Factors: Sender reputation, user engagement, and internal algorithms influence delivery decisions.
  • Intentional Disregard: Some providers may intentionally disregard DMARC, or see it as problematic.

Key considerations

  • Policy Variations: Be aware that DMARC policies are not universally enforced in the same way.
  • Reputation Building: Maintain a strong sender reputation to improve email deliverability.
  • Engagement Analysis: Monitor user engagement metrics to understand how your emails are received.
  • Forwarding Strategies: Consider the impact of forwarding on your DMARC compliance.
  • ISP Specifics: Research how specific ISPs handle DMARC policies to optimize your strategy.
Expert view

Expert from Spam Resource shares that even when a domain implements a p=reject policy, mailbox providers may choose to make exceptions based on various factors, including the sender's historical reputation, user engagement patterns, and internal spam filtering algorithms. Legitimate mail may still be delivered even if it fails DMARC.

February 2025 - Spam Resource
Expert view

Expert from Word to the Wise explains that not all mailbox providers interpret and implement DMARC policies in the same way. Some providers may choose to quarantine instead of reject due to concerns about false positives or internal policies.

January 2025 - Word to the Wise
Expert view

Expert from Email Geeks explains there are many reasons why Proton might not honor a DMARC p=reject policy, including known forwarder issues, internal decision-making processes, intentional disregard for DMARC, or seeing DMARC as problematic for legitimate mail.

July 2022 - Email Geeks

What the documentation says
3Technical articles

Even with a DMARC p=reject policy, email providers like Google and Microsoft may not strictly enforce rejection. Their final delivery decisions depend on various factors, including spam detection mechanisms, risk assessments, and user-specific preferences. DMARC.org emphasizes that these policies are suggestions, and receiving mail servers retain the right to make their own decisions based on factors beyond DMARC, such as reputation and content analysis. Therefore, full rejection isn't guaranteed.

Key findings

  • DMARC as Suggestion: DMARC policies serve as suggestions rather than absolute directives.
  • Holistic Assessment: Providers consider various factors beyond DMARC, like reputation, content, and user preferences.
  • Spam Detection: Google and Microsoft use their own spam detection mechanisms, which can override DMARC.
  • Risk Mitigation: Providers prioritize protecting users from false positives, even if it means not rejecting mail.

Key considerations

  • Comprehensive Strategy: Implement a holistic email security strategy that goes beyond DMARC.
  • Reputation Management: Focus on maintaining a strong sender reputation.
  • Content Quality: Ensure your email content is high-quality and avoids spam triggers.
  • User Engagement: Encourage positive user engagement to improve deliverability.
  • Policy Awareness: Understand that DMARC policies are not always strictly enforced.
Technical article

Documentation from DMARC.org explains that DMARC policies are suggestions, and receiving mail servers retain the right to make their own decisions based on factors beyond DMARC. These can include reputation, content analysis, and user-specific preferences. Full rejection isn't guaranteed.

June 2023 - DMARC.org
Technical article

Documentation from Microsoft Defender for Office 365 highlights that even with a DMARC 'reject' policy, Microsoft may choose to quarantine the message instead of rejecting it outright. This is based on their own assessment of the email's overall risk and to protect users from potential false positives.

February 2024 - Microsoft
Technical article

Documentation from Google Workspace Admin Help explains that even with a 'reject' policy, final delivery decisions depend on various factors, including other signals and Google's spam detection mechanisms. Google may still deliver messages to the inbox or spam folder, even if DMARC specifies rejection.

April 2023 - Google Workspace Admin Help

Related resources
4Resources

How to Configure DMARC Policy to Reject or Quarantine
How to Configure DMARC Policy to Reject or Quarantine

The warning “DMARC quarantine reject policy not enabled” means that your domain lacks a DMARC policy that is set to either quarantine or reject.

Valimail -
How do spoof emails get past SPF, DKIM, and DMARC ...
How do spoof emails get past SPF, DKIM, and DMARC ...

Hello Pretty much as per the subject line, we have SPF, DMARC and DKIM records in place for our mail domains, but a test spoof email from KnowBe4 still got through. As a result they suggested c reating an Exchange Mail Flow rule to stop spoofing, but surely this shouldn’t be necessary? This is very disappointing.

Spiceworks Community
How to prevent spoofed emails from being delivered (EOP ...
How to prevent spoofed emails from being delivered (EOP ...

Hi, we keep getting spoofed emails and my expectation is that these emails should not be delivered to the user’s mailbox. This is the expectation of our users as well. However, Exchange Online sends these emails into the user’s spam folder. For example, This email is displayed in Outlook as from john.smith@ourcompany.com and to john.smith@ourcompany.com. This is from the header, Authentication-Results: spf=pass (sender IP is 90.183.169.69) smtp.mailfrom=fspnet-mail.cz; dkim=none (message no...

Spiceworks Community
Microsoft announces its new handling of DMARC policies - Red Sift ...
Microsoft announces its new handling of DMARC policies - Red Sift ...

Microsoft has announced that from July 2023, it will honor DMARC policies in M365 and its consumer properties.

Red Sift Blog

Related questions