
DMARC error: Resolve the 554 5.7.5 Permanent Error Evaluating DMARC Policy


Are you getting the 554 5.7.5 Permanent Error Evaluating DMARC Policy when sending emails from your domain? As the error states, this is a DMARC-related error. Behind the scenes, the 554 5.7.5 error stops receiving SMTP servers from accepting emails from your domain. For anyone who uses email on a daily basis, this is not something you want to experience. So, we’ve put together a quick guide on how you can resolve this error by looking into DMARC practices.

First, let’s understand the 554 5.7.5 Permanent Error Evaluating DMARC Policy

This error stops your emails from being delivered because the receiving server fails to evaluate your DMARC policy. As a result, the receiving server rejects your emails or marks them as spam. This not only stops you from reaching your intended recipient but also negatively impacts your sender reputation and email deliverability.

Due to the severity of this issue, you should resolve the 554 5.7.5 Permanent Error immediately.

Why does the 554 5.7.5 Permanent Error occur?

There can be a few reasons why this error occurs. Let’s investigate some of the reasons:

Incomplete or Incorrect DMARC record

Check your DMARC record to ensure it is valid. Ensure that your DMARC record uses a valid DMARC policy tag (p=none, p=quarantine, p=reject). Your DMARC record should not have any syntax errors, spacing issues, or missing or extra characters.

Here is an example of an invalid DMARC record:

Example of an invalid DMARC record

Now, let's look into why this record is invalid:

1. Incorrect v=DMARC; version tag

A valid DMARC record must begin with v=DMARC1, followed by a semicolon. Ensure there is no leading whitespace and there are no spelling errors, and "DMARC" should not be in lowercase. The version tag is mandatory for a DMARC record to be valid.

2. Misspelled policy tag value p=qurantine;

A valid DMARC record must have a policy tag value of none, quarantine, or reject. The above example has a policy tag value of "qurantine", which is incorrect. The policy tag value should not have any spelling errors, extra characters, or missing characters. The policy tag is mandatory for a DMARC record to be valid.

3. Empty tag value rua=;

A valid DMARC record must have valid tags and tag values. The above example has an empty tag value for the rua tag. The rua tag value should not be empty, and it should contain a valid email address or URI. The rua tag is optional but recommended.

4. Incomplete URI [email protected]

A valid DMARC record must have a complete URI, which requires a mailto: prefix for email addresses. The above example has an incomplete URI for the ruf tag. The ruf tag value should be a valid email address or URI. The ruf tag is optional but recommended.

An example of a valid DMARC record:

Example of a valid DMARC record
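
The four checks above can be automated. The following Python sketch is an added example, not part of the original article or any vendor tool; the sample records and the example.com addresses are constructed, and it assumes report addresses use the mailto: scheme only.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed samples. The rua/ruf addresses are placeholders, not the page's.
INVALID = "v=DMARC; p=qurantine; rua=; ruf=reports@example.com"
VALID = ("v=DMARC1; p=quarantine; rua=mailto:reports@example.com; "
         "ruf=mailto:forensics@example.com")


def check_dmarc_record(record):
    """Return a list of problems found in a DMARC TXT record value."""
    problems = []
    # The version tag must come first, spelled exactly, with no leading space.
    if not re.match(r"v\s*=\s*DMARC1\s*(;|$)", record):
        problems.append("record must begin with v=DMARC1")
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue  # a trailing semicolon is fine
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            problems.append(f"malformed tag: {part.strip()}")
            continue
        if not value:
            problems.append(f"empty value for tag {name}")
        tags[name] = value
    if "p" not in tags:
        problems.append("missing mandatory p= tag")
    elif tags["p"] and tags["p"].lower() not in VALID_POLICIES:
        problems.append(f"invalid policy value p={tags['p']}")
    # Report addresses are comma-separated and each must be a mailto: URI.
    for name in ("rua", "ruf"):
        for uri in tags.get(name, "").split(","):
            uri = uri.strip()
            if uri and not re.fullmatch(r"mailto:[^@\s]+@[^@\s]+", uri):
                problems.append(f"{name} value is not a mailto: URI: {uri}")
    return problems


if __name__ == "__main__":
    for rec in (INVALID, VALID):
        print(rec, "->", check_dmarc_record(rec) or "no problems found")
```

Pass it the TXT value published at _dmarc.yourdomain; an empty list means none of the four errors described above were found.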

Not sure how to check your DMARC record? Use our email authentication tools to verify your DMARC record.

What are DMARC policy tags?

DMARC policy tags instruct the receiving servers on how to handle messages that fail authentication checks.

There are 3 DMARC policy tags:

1. p=none

This policy tag tells the receiving server to monitor emails that fail authentication checks but not to take any action. Messages that fail authentication checks can still be delivered.

2. p=quarantine

This policy tag tells the receiving server to quarantine emails that fail authentication checks. Messages that fail authentication checks should be treated as suspicious. Suspicious emails are marked as spam or sent straight to the junk folder.

3. p=reject

This policy tag tells the receiving server to reject emails that fail authentication checks. Messages that fail authentication checks are rejected and not delivered to the recipient.

While you troubleshoot, it is suggested that you set your DMARC policy to p=none. When you no longer experience the 554 5.7.5 error, you can revert to a stricter policy.

DMARC is not complete without SPF and DKIM records. DMARC tells mail servers what to do with emails that fail SPF or DKIM.

Incorrect SPF or DKIM records

Sender Policy Framework (SPF) records verify the IP addresses authorized to send emails on behalf of your domain.

DMARC checks to see if SPF records are valid or not. You must ensure your SPF records are configured correctly; otherwise, you will fail authentication checks and trigger the 554 5.7.5 error.

DomainKeys Identified Mail (DKIM) adds a digital signature to outgoing emails from your domain. The DKIM record stores the public key of the domain, and receiving mail servers then check the record to get the public key. The signature is added as a DKIM header. Mail servers use the public key to authenticate the DKIM signature.

You must ensure there is no mismatch between the “d=” tag in the DKIM signature and the sending domain. The signature must align with the domain emails are being sent from. A mismatch can happen if you change your domain name and do not get around to updating your DKIM records. If the two do not align, you will fail authentication checks.
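
To see the d= mismatch on a real message, compare the signing domain in the DKIM-Signature header with the domain in the From header. The Python sketch below is an added example, not part of the original article; the message and the old-brand.example / new-brand.example domains are constructed, and the non-strict mode is a simplification (a parent/subdomain check) because true relaxed alignment needs the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the From domain was renamed, the DKIM signer was not.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
    " d=old-brand.example; s=selector1; h=from:to:subject;\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Billing <billing@new-brand.example>\n"
    "To: customer@example.org\n"
    "Subject: Invoice\n"
    "\n"
    "Body\n"
)


def dkim_signing_domains(msg):
    """Collect the d= value of every DKIM-Signature header."""
    domains = []
    for header in msg.get_all("DKIM-Signature", []):
        for part in header.split(";"):
            name, _, value = part.partition("=")
            if name.strip() == "d":
                domains.append(value.strip().lower())
    return domains


def from_domain(msg):
    """Domain part of the address in the From header."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def is_aligned(signing_domain, header_from_domain, strict=False):
    """Exact match, or (simplified relaxed mode) parent/subdomain match."""
    if signing_domain == header_from_domain:
        return True
    if strict:
        return False
    return (signing_domain.endswith("." + header_from_domain)
            or header_from_domain.endswith("." + signing_domain))


def alignment_report(raw_message, strict=False):
    """Return (d= domain, aligned?) for each signature in the message."""
    msg = message_from_string(raw_message)
    sender = from_domain(msg)
    return [(d, is_aligned(d, sender, strict)) for d in dkim_signing_domains(msg)]


if __name__ == "__main__":
    print(alignment_report(SAMPLE))
```

A False result for every signature means DKIM cannot satisfy DMARC for that message, even if the signature itself verifies.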

Easily check for DMARC, SPF, and DKIM record validity using our email authentication tools. Sign up for a free account.

Pro Tip: Use DMARC monitoring to know exactly which servers are sending emails on your behalf, the email volume, the status of your authentication checks, and whether DMARC passes or fails. DMARC monitoring is a great way to stay covered and ensure your emails are delivered.

Ensure you have valid DMARC, SPF, and DKIM records to avoid the 554 5.7.5 Permanent Error Evaluating DMARC Policy. It is easy to overlook an error in your records, but it can have a huge impact on your email deliverability. Email authentication tools are a must for anyone sending emails. They help you stay on top of your email authentication practices and ensure your records are valid and your emails are being delivered.
