What is the pct (percentage) tag in a DMARC Record?

DMARC pct(percentage) tag

The DMARC pct tag is part of this record and tells an email receiver what percentage of messages under this policy will be affected. If you as a domain owner want to specify what to do with an email that fails authentication, DMARC records can help you with that. A company can publish a text record in the DNS and specify what they want to happen to emails that fail source alignment by determining whether to deliver it, quarantine it, or even outright reject it. 

What does pct mean in DMARC?

A TXT record for any email authentication protocol contains a bunch of mechanisms or tags that signify instructions dedicated to the email receiving servers. In a DMARC record, pct is an acronym for percentage which is included to address the percentage of emails that the DMARC policy defined by the domain owner is applied to.

Why do you need the DMARC pct tag?

The pct tag is an oft-overlooked, but nevertheless effective way to set up and test your domain’s DMARC policies. A DMARC record with a percentage tag looks something like the following: 

v=DMARC1; p=reject; pct=100; rua=mailto:[email protected];

In the DMARC DNS record shown above, the percentage of emails for which the DMARC reject policy is applicable is 100%. 

The time that it takes for a domain to go from not using DMARC at all, to using the most restrictive settings is a ramp-up period. This is intended to give domains time to become comfortable with their new settings. For some businesses, this could take a few months. It’s possible for domains to do an instant upgrade, but this is uncommon due to the risk of higher errors or complaints. The pct tag was designed as a way to gradually enforce DMARC policies to cut down on the roll-out period for online businesses. The intent is to be able to deploy it for a smaller batch of emails first before deploying it fully to the whole mail stream like in the case shown below: 

v=DMARC1; p=reject; pct=50; rua=mailto:[email protected];

In this DMARC DNS record, the reject policy for DMARC applies to only 50% of the emails, while the other half of the volume is subjected to a quarantine policy for DMARC, which is the second strictest policy in line. 

What will happen if you don’t include a pct tag in your DMARC record?

While creating a DMARC record using a DMARC record generator, you might choose not to define a pct tag and leave that criterion empty. In this case, the default setting for pct is set to 100, which means that your defined policy will apply to all your emails. Hence, if you want to define a policy for all your emails, a simpler way to go about it would be to leave the pct criterion blank, like in this example: 

v=DMARC1; p=quarantine; rua=mailto:[email protected];

Warning: If you want an enforced policy for DMARC, do not publish a record with pct=0

The logic behind this is simple: if you want to define a reject or quarantine policy in your record, you essentially want the policy to be levied on your outbound emails. Setting your pct to 0 nullifies your effort as your policy is now applicable to zero emails. This is the same as having your policy mode set at p=none. 

Note: In order to protect your domain from spoofing attacks and stop any chances of your domain being impersonated by attackers, the ideal policy should be DMARC at p=reject; pct=100; 

Shift to DMARC enforcement safely by starting your DMARC journey with PowerDMARC. Take a free DMARC trial today!

Latest posts by Syuzanna Papazyan (see all)
/by