Emails with DMARC failure are partially actioned in Email Security.cloud

Article ID: 403913

Products

Email Security.cloud

Issue/Introduction

The action selected in the Anti-Spam settings for DMARC is not applied to all inbound emails that fail DMARC.

You expect the selected action (Append a header but allow the email through; Append a header and redirect the email to a bulk mail address; Block and delete the email; Tag the subject line but allow the email through; Quarantine the email; or Use sender's DMARC policy) to be executed for every email that fails the DMARC check, but it is applied to only some of those emails.

Environment

Email Security.cloud

Cause

When you enable DMARC for a domain, inbound email to that domain is verified against the DMARC policy of the reported sender. The percentage of messages subjected to filtering is set by the pct tag in the sender's DMARC record.

Resolution

The sender has a DMARC record with a pct tag value lower than 100. Below is an example of what such a DMARC record may look like.

"v=DMARC1; p=reject; pct=40; rua=mailto:[email protected]"

This indicates that 40 percent of messages are subjected to filtering and have the action selected in the Email Security.cloud Anti-Spam settings for DMARC executed on them.
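To confirm that a sender's pct tag explains the partial actioning, the tag can be read from the TXT record the sender publishes at _dmarc.<domain>. The following is an added example, not code from this article or from the product: the function names and sample records are constructed for illustration, and it assumes the record text has already been retrieved.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record string into an ordered tag -> value dict."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        name, sep, value = part.partition("=")
        if sep:  # skip empty segments such as a trailing ';'
            tags[name.strip().lower()] = value.strip()
    # RFC 7489: the v tag must come first and must be exactly DMARC1
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        raise ValueError("not a DMARC1 record")
    return tags


def enforcement_pct(record):
    """Return the percentage of failing mail the sender asks receivers to act on."""
    raw = parse_dmarc(record).get("pct", "100")  # pct defaults to 100 when absent
    if not (raw.isascii() and raw.isdigit() and int(raw) <= 100):
        raise ValueError(f"invalid pct value: {raw!r}")
    return int(raw)


def partial_senders(records):
    """Map sender domain -> pct for records that explain partial actioning."""
    found = {}
    for domain, record in records.items():
        pct = enforcement_pct(record)
        if pct < 100:
            found[domain] = pct
    return found


# Constructed sample records (hypothetical domains, not real senders)
SAMPLES = {
    "partial.example": '"v=DMARC1; p=reject; pct=40; rua=mailto:dmarc@partial.example"',
    "full.example": "v=DMARC1; p=quarantine",
    "explicit.example": "v=DMARC1; p=reject; pct=100;",
}

if __name__ == "__main__":
    for domain, pct in partial_senders(SAMPLES).items():
        print(f"{domain}: only {pct}% of DMARC failures are subject to the configured action")
```

A sender that appears in the result publishes pct below 100, so only that share of its DMARC-failing mail is expected to receive the configured action.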

Additional Information

Additional resources to help understand spoofed sender detection with DMARC: