Common DMARC Errors for Outgoing Emails | EasyDMARC

DMARC Rejection Errors: 554 5.7.5 Permanent Error Explained

Last Modified on: September 9, 2025
4 Min Read
top image DMARC error

When sending email, you may face rejections such as 554 5.7.5 permanent error evaluating dmarc policy. These errors aren’t random. They mean your domain’s DMARC, SPF, or DKIM setup is broken. Most cases come down to DNS syntax issues or misalignment under DMARC enforcement.

Common Error Messages

You can see error messages like:

  • 554 5.7.5 permanent error evaluating DMARC policy
  • remote server returned ‘554 5.7.5 permanent error evaluating DMARC policy’
  • 451 4.7.5 temporary error evaluating DMARC policy
  • permanent error evaluating DMARC policy
  • email rejected per DMARC policy

Common SMTP error codes can start with 554, which means that the transaction has failed. It’s a permanent error, and the server will not try to send the message again.

These are the real-world error strings you’ll often see when DMARC fails:

  • 554 5.7.5 permanent error evaluating DMARC policy (generic across multiple providers)
dmarc 554 5.7.5 permanent error evaluating dmarc policy
  • 521 5.2.1 This message failed DMARC evaluation and is being refused due to provided DMARC policy (Google)
  • 550 5.7.1 Unauthenticated email from example.com is not accepted due to the domain’s DMARC policy (Google)

Important Notes:

  • You might also see “email rejected per DMARC policy” or “Unauthenticated email not accepted” variants depending on the receiving MTA.
  • Generic 550/554 rejections without DMARC in the string – those are often unrelated (spam blocks, RBL hits, etc.).

Why DMARC Permanent Errors (554 5.7.5) Happen

  • Invalid DNS syntax: bad quoting, missing semicolons, or wrong separators.
  • Policy enforced but not aligned: DMARC set to p=quarantine or p=reject while SPF/DKIM fail alignment.
  • Header From mismatch: From: [email protected] but MAIL FROM or DKIM d= points elsewhere.

SPF issues:

  • Missing sending IPs/hosts.
  • Ending with ?all (neutral) instead of ~all or -all.
  • Too many lookups (>10) → “permerror.”

DKIM issues:

  • Selector not published.
  • Key missing.
  • DKIM d= misaligned with From domain.

Troubleshooting Steps

Validate DNS Records
  • DMARC’s Basic requirements:
    • The record must begin with “v=DMARC1” .
    • The policy should be the second value in the record and must be either p=none or p=quarantine or p=reject.
    • Use of colons as separators instead of semicolons, or lack of semicolons between values.
    • Excess characters or bad quoting

Example of an invalid DMARC Record:

Unvallid DMARC Record

Example of a Valid DMARC Record:

how does a Valid DMARC Record look like?

Use our DMARC lookup tool to check if your record is valid.

SPF:

  • Ensure all authorized sources are included.
  • End with ~all or -all (not ?all).
  • Update the SPF record with the correct IPs/hosts.
  • Watch out for DNS lookup limits (>10).

Use our SPF lookup tool or EasySPF feature to validate records and avoid lookup limitations.

DKIM:

  • Ensure the selector record exists.
  • TXT key is valid.
  • d= domain aligns with the From domain.

Use our DKIM lookup tool to verify.

Check Alignment

DMARC passes only if SPF or DKIM both pass and align with the From domain.

Example (Alignment Failure):

Authentication-Results: mx.google.com;
spf=pass (domain of [email protected] designates 192.0.2.1 as permitted sender) [email protected];
dkim=fail (bad signature) header.d=mailer.example.net;
dmarc=fail (p=reject) header.from=example.com
  • SPF = pass (but MAIL FROM = mailer.example.net, not aligned with example.com)
  • DKIM = fail
  • DMARC = fail → 554/550 rejection

Example (Alignment Pass)

spf=pass (google.com: domain of [email protected] designates 203.0.113.10 as permitted sender) [email protected];dkim=pass header.d=example.com;dmarc=pass (p=reject) header.from=example.com
  • SPF = pass and aligned
  • DKIM = pass and aligned
  • DMARC = pass → message delivered
Test and Monitor

Key Takeaway

A 554 5.7.5 rejection is not a “Gmail filter problem.” It’s DMARC enforcement doing its job. If your records are misconfigured, or alignment is broken, your email will be rejected.

👉 Use EasyDMARC’s solution to validate SPF, DKIM, and DMARC.
👉 Monitor reports to identify shadow IT and failing services.
👉 Contact EasyDMARC Support if you need direct help fixing DNS or alignment issues.

Contact Us
Profile image
EasyDMARC
Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.
Comments
guest
0 Comments
Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us

In this article
Share article:
More In Authentication Protocols
EasyDMARC 2025 DMARC Adoption Report
EasyDMARC 2025 DMARC Adoption Report
Download Report
New Ebook