Move your DMARC policy off p=none
DMARC ties SPF and DKIM to your visible From domain and tells receivers what to do when neither aligns. A policy of p=none means 'monitor only' — it neither protects you from spoofing nor earns you full trust. Many senders publish p=none and never advance.
Why mailbox providers enforce this
Gmail and Yahoo require a DMARC record for bulk senders, and they increasingly favor enforced policies (quarantine/reject). p=none enforces nothing in practice — a spoofer can forge your From domain and still be delivered. Moving to enforcement is one of the highest-leverage trust signals available.
How to fix it
- Publish a DMARC TXT record at _dmarc.yourdomain (e.g. v=DMARC1; p=none; rua=mailto:reports@yourdomain).
- Collect aggregate (rua) reports for 2-4 weeks to confirm all legitimate senders pass SPF or DKIM alignment.
- Once clean, raise the policy to p=quarantine, then to p=reject.
- Use the pct= tag to roll out enforcement gradually (e.g. pct=25) if you send high volume.
- Keep monitoring rua reports after enforcement — new senders break alignment silently.
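
One way to run the report check described in the steps above, as an added example that is not part of the original page: it reads a DMARC aggregate (rua) report and lists the sources where neither SPF nor DKIM passed. The sample report is constructed, and the code assumes the un-namespaced report layout from RFC 7489 Appendix C.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample aggregate report, trimmed to the fields used here.
# IPs are documentation addresses and the domain is example.com.
# Reports come from third parties; use a hardened XML parser in production.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""


def summarize(report_xml):
    """Return (total, failing): failing maps source IP -> message count for
    rows in which neither DKIM nor SPF produced an aligned pass."""
    root = ET.fromstring(report_xml)
    total, failing = 0, Counter()
    for record in root.iter("record"):
        row = record.find("row")
        count = int(row.findtext("count", "0"))
        evaluated = row.find("policy_evaluated")
        # policy_evaluated carries the alignment-aware results; a message
        # passes DMARC if either value is "pass".
        dkim = evaluated.findtext("dkim", "fail")
        spf = evaluated.findtext("spf", "fail")
        total += count
        if dkim != "pass" and spf != "pass":
            failing[row.findtext("source_ip")] += count
    return total, dict(failing)


def ready_to_enforce(report_xml):
    """True only when no source in the report fails DMARC."""
    return not summarize(report_xml)[1]


if __name__ == "__main__":
    total, failing = summarize(SAMPLE_REPORT)
    print(f"{total} messages, failing sources: {failing}")
```

A failing source is either a legitimate sender whose alignment still needs fixing or someone forging the domain; identify which before raising the policy.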
FAQ
Is p=none bad?
It's a fine starting point for monitoring, but staying there indefinitely means you get the reporting benefit and none of the protection or the full trust signal. The goal is to graduate to p=quarantine or p=reject.
Will moving to p=reject block my real email?
Only if a legitimate sender isn't aligned. That's why you monitor rua reports first — fix alignment for every real sender, then enforce.