5.7.26

Enhanced Status Code 5.7.26: DMARC Authentication Failed

Permanent failure Critical severity Security RFC 7489
What it means

Enhanced Status Code 5.7.26 means “DMARC Authentication Failed.” Your email failed DMARC authentication and the domain owner's DMARC policy specifies rejection. Both SPF and DKIM either failed or were not aligned with the From domain. This is one of the most important errors to fix immediately.

At a glance
Code5.7.26
Bounce typeHard (permanent)
SeverityCritical
CategorySecurity
What to doSuppress the address; do not retry
StandardRFC 7489
What it looks like in your mail logs 
550 5.7.26 Unauthenticated email is not accepted due to the sending domain's DMARC policy. Please contact the administrator of example.com domain.

What does 5.7.26 mean?

Enhanced status code 5.7.26 indicates your email failed DMARC (Domain-based Message Authentication, Reporting, and Conformance) validation and the domain's DMARC policy is set to reject (p=reject) or quarantine (p=quarantine) unauthenticated messages. DMARC requires either SPF or DKIM to pass AND be aligned with the From domain.

Gmail commonly returns "550-5.7.26 This message does not have authentication information or fails to pass authentication checks. To best protect our users from spam, the message has been blocked." This means your DMARC, SPF, and DKIM configuration needs immediate attention.

To pass DMARC, at least one of these must be true: 1) SPF passes AND the MAIL FROM domain aligns with the From header domain, OR 2) DKIM passes AND the DKIM signing domain (d=) aligns with the From header domain. If neither condition is met, DMARC fails. Check all three records - SPF, DKIM, and DMARC - using our checker tools.

How 5.7.26 plays out

Your server attempts delivery
The recipient server returns a permanent 5.7.26 rejection
This is a hard bounce: the message will not be accepted as sent
Suppress the address and fix the root cause before resending

Where 5.7.26 sits: soft vs hard bounce

Soft bounce (4xx) Hard bounce (5xx)
NatureTemporaryPermanent
SMTP class4xx5xx
What to doLet it retrySuppress the address
Recoverable?OftenNo
5.7.26 is✓ this code

Common causes of 5.7.26

  • Both SPF and DKIM authentication failed for the message
  • SPF passes but the MAIL FROM domain does not align with the From header domain
  • DKIM passes but the signing domain does not align with the From header domain
  • DMARC policy is set to p=reject, causing messages to be bounced on failure
  • Email forwarding broke both SPF and DKIM alignment
  • Sending from a third-party service not properly configured for your domain

How to fix 5.7.26

  • Check your DMARC record using our DMARC Checker tool
  • Verify SPF is configured and includes all your sending services
  • Verify DKIM is properly configured and the signing domain aligns with your From domain
  • Ensure SPF alignment: MAIL FROM domain must match From header domain
  • Ensure DKIM alignment: DKIM d= domain must match From header domain
  • If using third-party senders, configure them to send with proper SPF/DKIM alignment

Frequently asked questions

What does 550 5.7.26 "Unauthenticated email is not accepted due to domain's DMARC policy" mean?
Error 550 5.7.26 means the recipient's server (most commonly Gmail) rejected your message because it failed DMARC authentication checks. Your email did not pass either SPF or DKIM in alignment with your domain's From address, and your DMARC policy (or the receiver's policy) directed the server to reject unauthenticated messages. This error is enforced by Gmail, Microsoft 365, and Yahoo for domains with a DMARC policy of p=quarantine or p=reject.
How do I fix the 5.7.26 error in Gmail?
Set up both SPF and DKIM for your sending domain and ensure they align with the From address in your emails. Publish an SPF record that includes all authorized sending sources, configure DKIM signing with a valid key in DNS, and verify alignment by sending a test email and inspecting the "Show Original" headers in Gmail. Avoid having multiple SPF records for the same domain, as this causes all SPF checks to fail. Allow 48 hours for DNS changes to propagate before testing.
Can email forwarding cause a 5.7.26 DMARC failure?
Yes, email forwarding is one of the most common causes of 5.7.26 errors. When a message is forwarded, SPF breaks because the forwarding server's IP is not in the original domain's SPF record, and DKIM may break if the forwarding server modifies the message body or headers. To solve this, ensure your forwarding server supports ARC (Authenticated Received Chain), which preserves authentication results across forwarding hops. Gmail, Microsoft, and other major providers honor ARC seals from trusted intermediaries.
What is the difference between 5.7.26 and 5.7.1 email errors?
Error 5.7.26 specifically indicates a DMARC authentication failure; the message failed SPF and DKIM alignment with the sending domain's DMARC policy. Error 5.7.1 is a broader security rejection that can include blocklisting, policy restrictions, relay denials, or general authentication failures. If you see 5.7.26, the fix is always related to email authentication (SPF, DKIM, DMARC configuration), while 5.7.1 requires investigating the full bounce message for the specific cause.

Related bounce codes

5.7.1 Delivery Not Authorized - Message Refused 5.7.20 SPF Validation Failed 5.7.14 DKIM Verification Failed 5.7.29 ARC Validation Failed

Sources & further reading

RFC 7489 · The standard that defines this reply code Google email sender guidelines · Authentication rules that trigger this DMARC rejection for bulk senders
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← All bounce codes