All of my systems ask me to set up a DMARC record, and I want to. It seems to be universally recommended now. However, no one will be monitoring the email performance of the website, or would know how to interpret reports if they were generated. The site does have SPF and DKIM records already.
Is it alright and relatively safe to set up a DMARC record with no "rua" tag and no "ruf" tag? I'm thinking of something simple like:
v=DMARC1; p=quarantine; fo=1; pct=100
The result would hopefully be that spoofed email would go to the spam filter (quarantined) but would not be auto-deleted. That seems like the best result, under the circumstances.
If we were to hear that mail was not being delivered as expected (and we could run tests to check), and we found that the messages were indeed in the recipient's spam filter, we could look into it.
Would the results likely be any different with no DMARC record at all?
Is it better to set this up in some way similar to the above (with no rua or ruf), or not publish a DMARC record at all?
Please help me to understand the options, and any reasons why this might be a bad idea!
I don't know much about DMARC records, despite having tried to read about them, but as a web developer I am tasked with setting them up.