Errors
550 5.7.1 Email Rejected Due to Security Policies
550 5.7.1 is a policy block — SPF, DKIM, DMARC, or IP rep. The bounce text usually says which. Most fixes are DNS or hygiene.
Common 550 variants
- SPF failed — your IP isn’t authorized in SPF
- DKIM failed — key mismatch or missing TXT
- DMARC rejected —
p=rejectand alignment failed - 5.7.26 unauthenticated (Gmail) — bulk path without DMARC
Fix it step by step
Step 1 Read the full bounce message — the 550 subcode tells you which check failed
Step 2 Run DNS Preflight on your domain with your sending IP
Step 3 Fix the failing SPF, DKIM, or DMARC issue
Step 4 If IP reputation → check blacklists in Email tool
Step 5 Re-send a test after changes
Step 6 If Gmail 5.7.26 → add a DMARC record (even p=none) for bulk senders
Run DNS Preflight to see what’s failing
Open DNS Preflight →FAQ
What does 550 5.7.1 mean?
Policy rejection — SPF, DKIM, DMARC, or reputation. The text after 5.7.1 usually names the failure.
How do I fix 550 5.7.26 from Gmail?
Add a DMARC TXT record — Gmail requires DMARC for bulk senders. Even p=none is often enough to stop that rejection.
SPF and DKIM pass but I still get 550 — why?
Check alignment — passes on the wrong domain still fail DMARC. Preflight shows alignment.
Will DNS fixes stop 550s immediately?
DNS can take up to 48 hours to propagate. Re-test after TTL settles.
I only email one person — can it still be DNS?
Yes — corporate gateways can enforce strict DMARC regardless of volume.