FAQ

Will turning on DMARC block my legitimate email?

Not if you start at p=none - it's monitor-only and changes nothing for recipients. Here's how to ramp safely to quarantine and reject without losing mail.

2 min readLast updated 14 June 2026
Jump to section

No - not if you start the right way. A DMARC policy of p=none is monitor-only: it asks receivers to report on your mail but changes nothing about how messages are delivered. No mail goes to spam, no mail is blocked. It's completely safe to publish.

Mail only starts being affected when you deliberately move your policy to quarantine (spam folder) or reject (blocked) - and you should only do that after the data tells you it's safe.

DMARC is authentication, not spam filtering

First, an important reassurance: DMARC has nothing to do with content or spam filtering. It only checks email authentication - whether a message is properly aligned to your domain via SPF or DKIM. And it only ever acts on unaligned mail. Properly aligned legitimate mail is never affected, even at p=reject.

The safe ramp

This is the core Blankitt DMARC workflow, tracked step-by-step by the Policy Progression Wizard on each Domain detail page:

  1. Start at p=none. Publish your record with your <token>@rua.blankitt.com ingest address and collect reports.

    v=DMARC1; p=none; rua=mailto:<token>@rua.blankitt.com

  2. Collect for ~1-2 weeks. Let aggregate reports build a complete picture of who sends mail as your domain.

  3. Align every legitimate sender. Use the Offenders and Fix Groups pages (with vendor attribution) to find each genuine source and fix its SPF or DKIM alignment. Don't progress until legitimate mail is consistently aligned - the Wizard's checklists tell you when you're ready.

  4. Move to p=quarantine, optionally with a pct ramp. The pct= tag applies the policy to only a percentage of failing mail, so you can roll out gradually:

    v=DMARC1; p=quarantine; pct=25; rua=mailto:<token>@rua.blankitt.com

    Step pct up (25 -> 50 -> 100) as you confirm nothing legitimate is being caught.

  5. Monitor, then move to p=reject for full protection once quarantine is clean.

What to watch as you ramp

  • The Domain detail Grade A-F and Compliance Scorecard show whether alignment is holding.
  • The Dashboard flags top offenders and domains needing attention.
  • SPF drift is re-checked every day, so you're warned if a previously-aligned sender drifts out.

If at any point a legitimate sender starts failing after you've moved policy, you can step back down (e.g. to p=none or a lower pct) at any time - it takes effect as soon as DNS propagates. Because you only enforce after the reports prove your mail is aligned, a careful ramp shouldn't block any legitimate email.

Still stuck? Email support or open the support widget in the bottom-right.