DMARC set to monitoring only

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email security standard that specifies what to do when an email fails authentication checks. The monitoring-only setting (p=none) collects reports but takes no action against suspicious emails.

Why this matters

With DMARC in monitoring mode, emails that fail authentication — including phishing attempts using your domain name — are still delivered to recipients rather than being blocked or sent to spam. Your domain remains vulnerable to impersonation.

How to fix it

Review the DMARC reports being collected to confirm all your legitimate email senders are correctly authenticated. Then ask your IT provider to update the DMARC policy to p=quarantine (sends failing emails to spam) and eventually p=reject (blocks them entirely).