Quarantine or Reject

"Which should I use, p=quarantine, or p=reject?"

To some extent, this depends on your comfort with the results of policy enforcement.

Use of p=reject will cause DMARC-compliant receivers to completely reject messages which fail DMARC. Senders of those messages immediately receive a bounce message regarding the failure.

Use of p=quarantine will cause DMARC-compliant receivers to perform a "quarantine" action on messages which fail DMARC. In the case of large inbox providers, the result of the quarantine action is that messages are delivered to the recipient's spam folder. In the case of some MTA hosts which perform DMARC enforcement, the quarantine result is that messages are posted to a system-level quarantine, accessible only by MTA administrators. Whenever a quarantine action is enforced, the delivering host does not receive feedback on the failure. (DMARC reports sent to the domain owner do indicate the failures.)

Due to the inconsistent quarantine behaviour and lack of feedback in the case of p=quarantine, use of that enforcement should be avoided unless the domain owner frequently and consistently reviews authentication results available via DMARC rua reports.
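Because p=quarantine produces no bounce, the rua aggregate report is where a domain owner sees which sources had mail quarantined. The following Python is an added example, not part of the original article: it totals quarantined messages per source IP from a constructed report in the RFC 7489 XML layout. The function names and all sample data are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _record(ip, count, disposition, dkim, spf):
    # Builds one constructed <record> in the RFC 7489 aggregate report layout.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers>"
            "</record>")

# Constructed sample report; example.com and the documentation-range
# addresses are placeholders, not data from a real receiver.
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain>"
    "<p>quarantine</p></policy_published>"
    + _record("192.0.2.10", 120, "none", "pass", "pass")
    + _record("198.51.100.7", 14, "quarantine", "fail", "fail")
    + _record("198.51.100.7", 3, "quarantine", "fail", "fail")
    + _record("203.0.113.5", 2, "quarantine", "fail", "fail")
    + "</feedback>"
)

def messages_by_source(xml_text, disposition="quarantine"):
    """Total message counts per source IP for rows with the given disposition."""
    # Reports come from third parties; a rua report never needs a DTD.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration in report")
    root = ET.fromstring(xml_text)
    totals = Counter()
    # {*} matches any (or no) XML namespace, since reporters differ on this.
    for row in root.iterfind("{*}record/{*}row"):
        applied = row.findtext("{*}policy_evaluated/{*}disposition", "")
        if applied.strip().lower() != disposition:
            continue
        source = row.findtext("{*}source_ip", "unknown").strip()
        totals[source] += int(row.findtext("{*}count", "0"))
    return dict(totals)

if __name__ == "__main__":
    hits = messages_by_source(SAMPLE_REPORT)
    for ip, count in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{count} message(s) quarantined, no bounce sent")
```

Any source in the output that is a legitimate sender for the domain needs its SPF or DKIM alignment fixed, since its operators will not have received a bounce.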


For a more comprehensive article on this topic, please see https://dmarcian.com/policy-modes-quarantine-vs-reject/