Email DNS Check

DMARC pct Tag Explained

The DMARC pct tag controls the percentage of messages to which the published DMARC policy applies. It allows a domain to roll out quarantine or reject gradually instead of enforcing the policy across all traffic immediately.

One-Minute Fix

Use pct only when you want to phase in stricter DMARC enforcement while monitoring the results carefully.

Gradual enforcement example
DNS TXT
v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@example.com

This tells receivers to apply the quarantine policy to only part of the failing mail stream, which can make rollouts safer.

Re-check

Wrong vs correct setup

Wrong setup

Wrong setup
DNS TXT
v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com

This is not inherently invalid, but it is a poor gradual-rollout example. If you are still learning how legitimate mail behaves, full reject at 100 percent may be too aggressive.

Correct setup

Correct setup
DNS TXT
v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@example.com

This is the correct gradual-enforcement pattern. It allows the domain to apply quarantine to part of the mail stream while reviewing reports and reducing rollout risk.

Why this matters

DMARC enforcement can be risky if legitimate senders are not fully aligned yet. The pct tag helps domains increase enforcement gradually rather than making an immediate all-or-nothing move.

Why this is a problem

  • Domains can enforce too aggressively before understanding legitimate traffic.
  • Without a gradual rollout, real mail can be impacted faster.
  • Teams may confuse policy level with rollout percentage.
  • Poor pct use can create a false sense of control if reports are not reviewed.

How this affects deliverability

Used correctly, pct can make enforcement safer by limiting the blast radius of a stricter DMARC policy. Used carelessly, it can hide unresolved alignment issues or delay full protection too long.

Common causes

  • Domains moved to quarantine or reject before auditing all senders.
  • Teams wanted a safer rollout but did not understand the pct tag.
  • Copied DMARC templates included pct without a clear rollout plan.
  • Report data was not reviewed while pct-based rollout was active.

What we checked

We reviewed whether the DMARC record publishes a pct tag and whether that percentage makes sense for the current enforcement stage.

Live DNS lookup. No login. No saved domains. No tracking.

FAQ

Does pct affect messages that already pass DMARC?

No. The pct tag applies to messages that fail DMARC and are subject to policy enforcement.

Should I use pct with p=none?

Usually no. The pct tag is most useful when you are phasing in quarantine or reject.

Does pct guarantee exactly that percentage everywhere?

Not necessarily. It is an instruction to receivers, and provider behavior can vary.

Next steps

  • Decide whether you need gradual enforcement at all.
  • Use p=none first if the domain is still in the monitoring stage.
  • Set pct below 100 only when rolling out quarantine or reject cautiously.
  • Review DMARC reports while pct is active.
  • Increase pct gradually as legitimate failures are resolved.
  • Review the full troubleshooting guidance in the DMARC Hub.
  • Explore sender authorization issues in the SPF Hub.
  • Check signing and selector issues in the DKIM Hub.

Related fixes

Explore more issues