Comcast moving to p=quarantine DMARC policy

Comcast is updating the DMARC policy for, the domain used for Comcast Xfinity customer mailboxes.

You may recall that Comcast has a number of domains, but that it ultimately boils down to comcast.COM addresses (and subdomains) are for employees and company purposes and comcast.NET addresses are for email addresses used by their cable internet customers 

Comcast's Alex Brotman recently noted on the Mailop list that Comcast intends to move to a "p=quarantine/sp=reject" DMARC policy for the domain and they're aiming for July 15, 2024 to make the change. Current DMARC policy for is "p=none/sp=quarantine."

This new policy of quarantine means that you'll no longer be able to use as a from address when using any sort of email service or platform other than Comcast Xfinity's own mail service. Meaning, if you're using a address as the from address on a newsletter that you're sending via Mailchimp, Beehiiv, Buttondown or some other newsletter platform, you'll have to change that from address, else you'll see significant deliverability issues.

Using your own domain (only) in the from address of any email you send through any email service provider (ESP) or newsletter platform has long already been a best practice, and even moreso reinforced by Google and Yahoo's recently sender requirement updates. (As an example, Google explicitly warns everyone to stop sending mail as "" by way of saying "don't impersonate Gmail from: headers.)

If you weren't already aware of the differences between p= and sp=, "p=" means "DMARC policy for the domain overall," and "sp=" means "DMARC policy for any subdomains underneath that top level/organizational domain. Thus the move to sp=reject means that if somebody attempts to send mail as, those attempts would likely be thwarted by the "reject" DMARC policy for that subdomain.

As far as the corporate email domain, they've already implemented a "p=reject" policy for that domain. (And as their DMARC record has no "sp=" value defined, the "reject" policy applies to subdomains under, as well.)

It's great to see another large mailbox provider secure their domain and help reinforce the recommendation of a strict DMARC policy as best practice. Thanks, Comcast!

Having trouble sending email to subscribers? Start with the Comcast Postmaster information section on their website. It provides information about what kind of blocks can happen, how to deal with them, and what the process is, if you need to reach out to them for assistance.

Post a Comment