The DMARC message rejection option SHALL be p=reject.

Why This Matters

Without a DMARC policy set to p=reject, malicious actors can spoof your organization's domain to send phishing or fraudulent emails. This weakens trust in your brand and increases the risk of your domain being used in email-based attacks against customers and partners.

What Aether365 Checks

Aether365 verifies that the DMARC TXT record for your domain includes the policy tag p=reject. This check appears in the Aether365 dashboard under Microsoft 365 checks.