Seeing an email authentication error?

Find the exact error from your bounce message or message headers. Each page explains what it means in one sentence, why it happens, and the step-by-step fix.

SPF PermError: too many DNS lookups

This error means evaluating your SPF record requires more than 10 DNS lookups (the hard limit in the SPF standard), so receiving servers give up and treat your SPF as permanently broken.

dkim=fail (body hash did not verify)

This error means the message body was modified after your server signed it: the hash the receiver computes no longer matches the hash in your DKIM signature, so the signature is rejected.

550 5.7.26 This mail is unauthenticated... unauthenticated email is not accepted

This bounce means Gmail rejected your message because it passed neither SPF nor DKIM. Google now refuses mail it can't authenticate at all.

dmarc=fail action=oreject

This header means the message failed DMARC against a p=reject policy, and Microsoft chose to override the reject (“oreject”), delivering it to junk or quarantine instead of bouncing it.

SPF softfail

SPF softfail means the sending server's IP isn't authorized by your SPF record, and your record ends in ~all, which tells receivers “treat this as suspicious, but don't reject it outright.”

554 5.7.5 permanent error evaluating DMARC policy

This bounce means the receiving server tried to look up and evaluate your DMARC policy and hit a permanent error: it couldn't make sense of what your DNS returned, so it rejected the message rather than guess.

Gmail: this message was not sent to Spam because of DMARC

This banner means Gmail's filters were suspicious of the message, but the sending domain's DMARC setup (typically a p=none policy or a passing DMARC result) instructed Gmail to deliver it to the inbox instead of spam.

emails going to spam after Google update

If your mail started landing in Gmail spam folders, you're almost certainly missing one of Google's sender requirements (enforced since February 2024), which demand authenticated mail from everyone and SPF, DKIM, DMARC, one-click unsubscribe, and a low spam rate from bulk senders.