p=quarantine is the DMARC notation for the Quarantine policy. It instructs the email receiver to mark as spam any email that does not pass either SPF or DKIM authentication for a given domain.

In the case of a p=quarantine policy, the receiving mailbox will accept the message and deposit it in the junk or spam folder. This message will still be available to end users looking in their junk folders. The receiver will include the results of this policy action in the DMARC reports for that domain.

Use case

Often referred to as quarantine mode, the p=quarantine policy makes it possible to enforce authentication while still allowing the possibility for later recovery of an incorrectly filed message. Therefore quarantine mode offers a method of enforcing authentication in a somewhat mitigated fashion.

This mode is most sensible for early implementations of DMARC in which the organization fears accidental rejection of some messages due to incomplete or incorrect implementation of DMARC, SPF, or DKIM records. An organization may progress from p=none (also known as monitoring mode) to p=quarantine once it feels it understands which services are sending on its behalf and that these services are correctly configured for success.

In most cases, we do not recommend maintaining p=quarantine status for an excessive length of time. The intent of quarantine is to identify any last few services that might not be authenticating correctly. A p=quarantine setting allows potentially harmful mail to travel to the junk box, where a human target still has the chance to find, open, and act on it. So once you are confident that no additional unauthenticated services are in use, you should move to p=reject.