The 554 5.7.5 error blocks your emails permanently because receiving servers can’t evaluate your DMARC policy, or they enforce DMARC, and your message fails alignment. The SMTP rejection indicates that your DMARC record has a syntax or configuration issue that requires immediate attention.
What causes the 554 5.7.5 error
Your DMARC setup has failed one or more of the required checks. Here’s what breaks:
| Cause | What went wrong |
| Invalid DNS syntax | Extra characters, missing semicolons, or wrong formatting in your DMARC record |
| Multiple SPF records | Conflicting SPF records, missing include statements for your ESP, or exceeding 10 DNS lookups |
| DKIM failure | Selector not published, missing key, or domain mismatch in the d= tag |
| Alignment mismatch | Your From domain doesn’t align with SPF or DKIM (under relaxed or strict rules) |
| Invalid reporting URIs | Malformed rua or ruf tags that fail external reporting verification |
Fix the error in 5 steps
Follow these steps carefully to make the fix:
Step 1: Check your DMARC record
Run a DMARC lookup tool to validate your record syntax. Your record must start with v=DMARC1 and include a policy tag (p=none, p=quarantine, or p=reject). Remove any extra periods, spaces, or characters at the end.
Step 2: Fix your SPF record
Change your SPF record ending from ?all to ~all (soft fail) or -all (hard fail). A neutral ?all policy won’t produce an SPF pass for DMARC to use (forcing you to rely entirely on DKIM). Also, verify you’ve included all authorized sending sources and stay under 10 DNS lookups to avoid permerror.
Step 3: Configure DKIM properly
Set up DKIM if you haven’t already (you’ll need it when SPF won’t pass or align). Check that your d= domain in the DKIM signature aligns with your From domain:
- Relaxed alignment — organizational domain match
- Strict alignment — exact domain match required
- Publish your DKIM selector and verify the key is active
Step 4: Verify alignment
DMARC passes only when either SPF or DKIM passes and aligns with your From domain. Test your setup:
- SPF alignment: MAIL FROM domain aligns with From domain (using relaxed or strict rules)
- DKIM alignment: DKIM d= domain aligns with From domain (using relaxed or strict rules)
If you’re using an ESP that sends from their domain, you’ll need DKIM alignment (since SPF won’t align).
Step 5: Temporarily relax policy (if needed)
If you’re still troubleshooting, set your DMARC policy to p=none temporarily. This allows emails to be delivered while you monitor reports and resolve authentication issues.
Switch to p=quarantine once things stabilize, then move to p=reject after confirming everything aligns correctly.
Run a free email deliverability test after making changes to verify that authentication (SPF, DKIM, DMARC) passes. Our email spam checker also displays authentication results and placement indicators directly in your Gmail or Outlook.
Still getting rejected after following these steps?
Authentication errors can hide in unexpected places (subdomain policies, third-party senders, or ESP-specific quirks that standard tools miss).
Book a free consultation with an email deliverability consultant, and we’ll diagnose the issue, fix your DNS records, and get your emails delivering again.
Frequently asked questions
Here are some commonly asked questions about the 554 5.7.5 error:
Bad idea. You’ll lose spoofing protection, and major providers (Gmail, Yahoo) require DMARC for bulk sending.
DNS changes take 24-48 hours to propagate fully (though many updates work within a few hours).
No. The 554 5.7.5 error applies to new sending attempts only. Previously delivered emails stay unaffected.
Check if you’re sending from multiple domains or subdomains. Each needs proper DMARC, SPF, and DKIM configuration.
Start with p=none (monitoring only), then move to p=quarantine (sends failures to spam) after analyzing reports for a few weeks. Finally, switch to p=reject (blocks failures completely) once you’re confident everything aligns correctly.
