One of the key components of DMARC is its ability to generate aggregate reports, which summarize the results of email authentication checks. Within these reports, you may encounter the term "sampled_out", which might leave you wondering what it means and how it impacts your email security strategy.
What does "Sampled_Out" mean?
sampled_out: The message was exempted from the application of policy by the "pct" tag in the DMARC policy record. (source: RFC7489)
In DMARC, the "pct" tag specifies the percentage of messages from a domain that should be subject to DMARC policy enforcement. This provides domain owners with flexibility in gradually implementing their DMARC policies without fully enforcing them on all emails immediately.
When a domain owner sets the "pct" value to something less than 100%, only a portion of the email messages are subjected to DMARC authentication checks. The emails that fall outside of the selected percentage are labeled as "sampled_out" and are exempt from the policy enforcement. This helps to reduce the volume of emails processed and reported during the policy rollout.
DMARC record example with “pct” tag:
v=DMARC1; p=reject; pct=25; rua=mailto:dmarc-reports@yourdomain.com;
Not to be used: If you have a DMARC 'pct' value of less than 100, you will receive reports for exempted messages. The 'Sampled Out' column will then have the value 'Yes'. This would explain why a DMARC policy was not applied to messages where DKIM, SPF, and ARC did not produce a 'pass' value.