DMARC Errors For Outgoing Emails (554 5.7.5 permanent error) | EasyDMARC

DMARC Errors For Outgoing Emails (554 5.7.5 permanent error)

3 Min Read
top image DMARC error

Users can face many DMARC errors when sending an email, like 554 5.7.5 permanent error evaluating dmarc policy. Most of them are related to syntax errors in the DNS records, and some could even be temporary or one-off errors.

Error Message Examples

You can see error messages like:
554 5.7.5 permanent error evaluating dmarc policy
remote server returned ‘554 5.7.5 permanent error evaluating dmarc policy’
451 4.7.5 temporary error evaluating dmarc policy
permanent error evaluating dmarc policy
email rejected per dmarc policy

Common SMTP error codes can start with 554, which means that the transaction has failed. It’s a permanent error, and the server will not try to send the message again.

Here’s an example of what a DMARC error message could look like.

554 5.7.5 permanent error evaluating dmarc policy (Protonmail)
The response from the remote server was:
  554 5.7.5 permanent error evaluating dmarc policy

dmarc 554 5.7.5 permanent error evaluating dmarc policy

521 5.2.1 This message failed DMARC Evaluation and is being refused due to provided dmarc Policy (Google)

550 5.7.1 Unauthenticated email from example.com is not accepted due to the domain’s dmarc policy (Google)

550 5.7.1 Policy rejection on the target address (Yandex)

All these failures are caused by DMARC errors. Usually, this is due to the adoption of DMARC practices.

Troubleshooting DMARC Errors For Outgoing Emails

1- The first step would be to check if your DNS records (DMARC, SPF and DKIM) are valid and don’t have any syntax errors, like missing or extra characters, bad record contents.

DMARC’s Basic requirements:

  • The record must begin with “v=DMARC1” note that the DMARC version is required (Which is 1).
  • The policy should be the second value in the record and must be either p=none or p=quarantine or p=reject. (Also check for spelling errors).
  • Use of colons as separators instead of semicolons, or lack of semicolons between values.
  • Excess characters or bad quoting

Example of an invalid DMARC Record:

Unvallid DMARC Record

Example of a Valid DMARC Record:

how does a Valid DMARC Record look like?

For the DMARC record, you can use our DMARC lookup tool to check if the record is valid. 

Update the SPF record with the valid IP addresses or the sources that are legitimate to send an email from, check if your record is set to neutral as you need softfail ~all or hardfail -all if you’re deploying DMARC.

You can use our SPF lookup tool to check if your record is valid, Also check our EasySPF feature if you’re having DNS lookup limitations.

For DKIM make sure that the DKIM signature domain and sender (Header From) domain align, also check for errors in the record you can use our DKIM lookup tool to verify.

2- Configure the ‘FROM’ field that is used to send the email @example.com should match the ‘MAIL FROM’ for the email to be DMARC compliant and successfully send emails without rejection.

3- Contact our DMARC specialists for further support on this matter at [email protected]

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.
Comments
guest
0 Comments
Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us