Quarantine in the context of email deliverability refers to the p=quarantine action defined in a DMARC policy. When DMARC is set to quarantine, messages that fail authentication are sent to the recipient's spam or junk folder rather than being delivered to the inbox or rejected outright.
DMARC quarantine vs. other DMARC policies:
| DMARC Policy | Action on Failure | When to Use |
|---|---|---|
p=none | No action — mail delivered, report sent | Initial monitoring phase |
p=quarantine | Failing mail routed to spam/junk | After confirming all legitimate mail passes authentication |
p=reject | Failing mail blocked entirely | When confident all legitimate mail is correctly authenticated |
How quarantine fits into the DMARC progression:
p=quarantine is the recommended intermediate step between p=none (monitoring) and p=reject (enforcement). It lets you enforce authentication for a percentage of failing mail (pct= tag) while limiting blast radius if a legitimate sending source was missed.
Example: v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@yourdomain.com
This quarantines 25% of failing messages, letting you observe impact before escalating to 100% or moving to p=reject.
Quarantine and warm-up:
During early warm-up, keep your DMARC policy at p=none to ensure all mail is delivered while you confirm authentication is passing cleanly. Move to p=quarantine only after DMARC aggregate reports show all your legitimate sends are aligned. Jumping to quarantine with misconfigured authentication will quarantine your own mail.
See also: DMARC, Email Authentication.