ipfour
ServicesCybersecurityCloud Infrastructure and DevOpsMicrosoft 365 and ProductivityManaged IT SupportBackup and DRIT ConsultancyCommunications and VoIPNetwork InfrastructureEmail SecurityRemote and Hybrid WorkingCompliance and CertificationAI Services
CompanyWhy IP FourAbout UsCase StudiesSectorsContact
020 4525 3748Free Security Review
DNS management console showing DMARC policy record configuration with monitor quarantine and reject policy stages
DMARC Policy Implementation

From monitoring to reject without blocking legitimate email.

Most DMARC deployments stall at monitoring because organisations fear blocking legitimate email. IP Four moves you through every stage correctly, authenticating all sending sources before enforcement so your domain is protected without disruption.

Get a Free DMARC Check020 4525 3748
Monitor to Reject
Subdomain Coverage
Zero Legitimate Email Blocked
83%
of UK organisations have no DMARC enforcement policy in place
48hrs
typical time to deploy DMARC monitoring and begin collecting data
100%
of domain spoofing attacks stopped by correctly enforced DMARC reject policy
Capabilities

Every stage of DMARC deployment handled correctly.

DMARC policy implementation is not a single step. Each phase requires careful validation before moving forward. We manage every stage so enforcement is achieved without disrupting your business.

DMARC Monitoring Mode Deployment

DMARC deployed in p=none monitoring mode as the first step. All email continues to flow while aggregate reports reveal every source sending on behalf of your domain. No disruption to legitimate mail during discovery.

p=none PolicyZero DisruptionSource Discovery

Quarantine Policy Transition

Once all legitimate sending sources are authenticated, policy moves to p=quarantine. Unauthenticated emails are directed to spam folders rather than inboxes. Controlled transition with monitoring throughout.

p=quarantineControlled TransitionSpam Folder Routing

Full Reject Enforcement

Final enforcement stage moves policy to p=reject. Any email failing DMARC authentication is rejected outright at the receiving mail server. Domain spoofing attacks stopped completely at the protocol level.

p=rejectFull EnforcementProtocol-Level Blocking

Subdomain Policy Coverage

DMARC policy extended to cover all subdomains including those not actively used for email. Attackers frequently target unused subdomains for spoofing. Subdomain policy prevents this attack vector entirely.

Subdomain Coveragesp= PolicyUnused Domain Protection

Percentage-Based Rollout

Policy applied to a percentage of email traffic during transition phases. Allows gradual enforcement with real-world validation before full deployment. Reduces risk of legitimate email disruption during rollout.

pct= ParameterGradual RolloutRisk Reduction

Policy Documentation and Handover

Full documentation of your DMARC policy configuration, rationale, and maintenance procedures. Handover pack includes record values, monitoring setup, and escalation procedures for your IT team.

Full DocumentationIT HandoverMaintenance Guide
How It Works

From audit to full enforcement.

01

Domain and DNS Audit

Full audit of your current DNS records including any existing DMARC, SPF, and DKIM configuration. Identify all subdomains and assess current authentication posture before any changes are made.

02

Monitoring Mode Deployment

DMARC record deployed in p=none monitoring mode. Reporting addresses configured to collect aggregate and forensic reports. No impact on email flow during this phase.

03

Report Analysis and Source Mapping

DMARC aggregate reports collected and analysed over 4 to 6 weeks. Every sending source identified and mapped. Legitimate sources authenticated via SPF and DKIM before policy tightening begins.

04

Quarantine Policy Activation

Policy moved to p=quarantine once all legitimate sources are authenticated. Monitoring continues to catch any missed sources. Percentage-based rollout used if required for large or complex environments.

05

Reject Policy Enforcement

Full p=reject enforcement activated after quarantine phase validates no legitimate email is affected. Subdomain policy applied simultaneously. Domain spoofing attacks stopped at the protocol level.

06

Ongoing Monitoring and Maintenance

Monthly DMARC report reviews to catch new sending sources and policy failures. Records updated when new services are added. Annual full review of all sending sources and policy configuration.

Real Results

How we have protected UK businesses.

Accountancy Firm Domain Spoofing Attack

A Manchester accountancy firm discovered criminals were sending emails to their clients from their exact domain, requesting updated bank details ahead of year-end tax payments.

DMARC monitoring deployed within 24 hours. All legitimate sources authenticated within 5 days. Reject policy enforced on day 7. Spoofing attacks stopped completely. Clients notified and firm reputation protected.

Cyber Essentials Certification Gap

A Birmingham technology company needed Cyber Essentials Plus certification. Their assessor identified missing DMARC enforcement as a critical gap that would prevent certification.

Full DMARC implementation completed in 3 weeks including monitoring, quarantine, and reject phases. Cyber Essentials Plus certification achieved. Ongoing monitoring maintained as part of managed service.

Multi-Brand Organisation Policy Rollout

A Leeds retail group with 4 trading brands needed DMARC enforcement across all domains simultaneously. Each brand used different email platforms and third-party marketing services.

Phased rollout across all 4 domains over 8 weeks. All sending sources authenticated including 3 marketing platforms and a CRM. Full reject enforcement achieved across all domains without a single legitimate email blocked.

Ready to Start?

Check your DMARC status in 60 seconds.

Our free DMARC check tells you instantly whether your domain can be spoofed and what policy is currently in place. Takes 60 seconds and costs nothing.

Get Your Free DMARC CheckAll DMARC Services