diff --git a/applications/email.nix b/applications/email.nix
index 41c9b3b..b7b07bc 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -145,7 +145,11 @@ in {
       {
         record = "_dmarc.${cfg.domain}.";
         r_type = "TXT";
-        value = ''"v=DMARC1; p=none"'';
+        value = ''"v=DMARC1; p=quarantine; rua=mailto:mailman@skynet.ie; pct=100; adkim=r; aspf=r; sp=none"'';
+        #sp value which is left out , for different dmarc policy for subdomains
+        #quarantine = sends to spam, reject = never sent
+        #pct = percent of emails passed through dmarc, might want to be lower than 100 for testing
+        #adkim, aspf see https://support.google.com/a/answer/10032169#zippy=%2Cdmarc-record-tag-definitions-and-values
       }
 
       # reverse pointer