You moved DMARC to p=quarantine or p=reject and now real mail — invoicing, CRM, newsletters — lands in spam or bounces. It looks like turning on DMARC “broke” your email.
Enforcement didn't break anything new — it revealed a sender that was never aligned. At p=none every failure is delivered silently; the moment you raise the policy, those same failing-but-legitimate senders get quarantined or rejected. That's why the standard rollout is p=none first: monitor aggregate reports long enough to enumerate every legitimate sender and fix its SPF/DKIM alignment before tightening. Microsoft's own DMARC setup guidance is to sit at p=none, then step up gradually — jumping straight to p=reject is the single most common cause of blocking your own mail. Source: Microsoft — Set up DMARC · verified 2026-07-15
p=none (or p=quarantine; pct=…) to stop the bleeding while you diagnose.pct first, then reject.DNS changes propagate within minutes to 48 hours. Mailbox providers pick up the new records on their next check — most senders see bounces stop within a day of correct configuration.
Formal enforcement targets bulk senders, but partial authentication already costs you inbox placement at every volume — and spoofing protection matters regardless of how much you send.
Hosting support can add DNS records for you, but they don't know which services send as your domain. You (or a monitoring tool reading your DMARC reports) have to provide that list — that's the actual hard part.