Skip to main content
Uncategorized

How to fix unauthenticated email not accepted due DMARC policy

By March 24, 2024No Comments

Microsoft, Google, and other major mail providers are strengthing their mail security. They only allow email when you have SPF, DKIM, and DMARC for your domain set up. When attempting to deliver an email to one of those mail providers, the message is rejected with the following response: 550-5.7.26 Unauthenticated email from yourdomain.com is not accepted due to domain’s DMARC policy.

550-5.7.26 Unauthenticated email is not accepted due to domain’s DMARC policy

When attempting to deliver email to Outlook/Hotmail or a Microsoft 365/Office 365 hosted mail server, the message is rejected with the following response:

Gmail (Google):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:  

  johndoe@gmail.com
    host gmail-smtp-in.l.google.com [142.250.27.27]
    SMTP error from remote mail server after pipelined end of data:
    550-5.7.26 Unauthenticated email from exoip.com is not accepted due to domain's
    550-5.7.26 DMARC policy. Please contact the administrator of exoip.com domain if
    550-5.7.26 this was a legitimate mail. Please visit
    550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the
    550 5.7.26 DMARC initiative. se27-20030a140906ce5b00b0098bd58fb8c5si5642302ejb.251 - gsmtp 

Hotmail (Microsoft):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:  

  johndoe@ohotmail.com
    host hotmail-com.olc-protection.outlook.com [52.101.137.1]
    SMTP error from remote mail server after end of data:
    550 5.7.509 Access denied, sending domain (EXOIP.com) does not pass DMARC verification and has a DMARC policy of reject.

Why do we get this error, and what is the solution for 550-5.7.26 Unauthenticated email from exoip.com is not accepted due to domain’s DMARC policy?

Solution for unauthenticated email not accepted due to domain’s DMARC policy

The solution to this permanent error is to check and set up your domain SPF and DKIM records. They might have already been set up, but not the correct way. That’s why your messages are not being delivered, and a bounce message appears in your inbox.

In our example, the SPF record had the include mechanism missing for the SpamBull spam filter. The include mechanism tells that the SpamBull spam filter is an approved sender for the domain. Therefore, email coming from the SpamBull spam filter is authorized.

Once added, messages were delivered successfully without a bounce message.

The below articles will help you to configure SPF and DKIM for Exchange Server on-premises and Exchange Online (Microsoft 365/Office 365):

Exchange Server on-premises Exchange Online
SPF SPF
DKIM* DKIM

*There is no official DKIM support for Exchange Server, and we recommend integrating the SpamBull cloud spam filter to set up DKIM for all outgoing messages. It’s an excellent third-party hygiene solution to implement in your infrastructure.

Leave a Reply