DMARC Errors For Outgoing Emails (554 5.7.5 permanent error)

Users can face many DMARC errors when sending an email. Most of them are related to a syntax error in the DNS records and some could even be a temporary or a one-off error.

Common SMTP error codes can start with 554 which means that the transaction has failed. It’s a permanent error and the server will not try to send the message again.

DMARC Errors For Outgoing Emails (554 5.7.5 permanent error), EasyDMARC

Here’s an example of what a DMARC error message could look like.

554 5.7.5 permanent error evaluating dmarc policy (Protonmail)

dmarc 554 5.7.5 permanent error evaluating dmarc policy

521 5.2.1 This message failed DMARC Evaluation and is being refused due to provided dmarc Policy (Google)

550 5.7.1 Unauthenticated email from example.com is not accepted due to the domain’s dmarc policy (Google)

550 5.7.1 Policy rejection on the target address (Yandex)

All these failures are caused by DMARC errors. Usually, this is due to the adoption of DMARC practices.

Troubleshooting DMARC Errors For Outgoing Emails

1- The first step would be to check if your DNS records (DMARC, SPF and DKIM) are valid and don’t have any syntax errors, like missing or extra characters, bad record contents.

DMARC’s Basic requirements:

  • The record must begin with “v=DMARC1” note that the DMARC version is required (Which is 1).
  • The policy should be the second value in the record and must be either p=none or p=quarantine or p=reject. (Also check for spelling errors).
  • Use of colons as separators, instead of semicolons, or lack of semicolons between values.
  • Excess characters or bad quoting

Example of an invalid DMARC Record:

 

Unvallid DMARC Record

 

Example of a Valid DMARC Record:

 

how does a Valid DMARC Record look like?

 

 

For the DMARC record, you can use our DMARC lookup tool to check if the record is valid. 

Update the SPF record with the valid IP addresses or the sources that are legitimate to send an email from, check if your record is set to neutral as you need softfail ~all or hardfail -all if you’re deploying DMARC.

 You can use our SPF lookup tool to check if your record is valid, Also check our EasySPF feature if you’re having DNS lookup limitations.

For DKIM make sure that the DKIM signature domain and sender (Header From) domain align, also check for errors in the record you can use our DKIM lookup tool to verify.

2- Configure the ‘FROM’ field that is used to send the email @example.com should match the ‘MAIL FROM’ for the email to be DMARC compliant and successfully send emails without rejection.

3- Contact our DMARC specialists for further support on this matter at [email protected]

How DMARC Can Improve Email Deliverability?

How DMARC Can Improve Email Deliverability?

There’s no doubt that email marketing is an essential and powerful tool for any...

Read More
Email Security News Round-Up [September 2022]

Email Security News Round-Up [September 2022]

September was a busy month filled with email security news and cybersecurity news stories...

Read More
How to Increase Domain Reputation with SPF

How to Increase Domain Reputation with SPF

Is your email open rate decreasing? Noticing a higher bounce rate? Well, this could...

Read More