Cold email infrastructure starting at $1/mailbox. Volume discounts down to $0.55.Calculate your cost
ColdRelay
← All SMTP Errors
SMTP Error Reference

550 5.7.26

Gmail: unauthenticated email — SPF, DKIM, or DMARC failed

Gmail's enhanced code for messages that don't pass authentication. Introduced widely in Feb 2024 bulk-sender rules. Fix SPF, DKIM, DMARC alignment and the error stops.

Last updated: May 23, 2026

Overview

What 550 5.7.26 Means

What it means

Gmail rejects your message because it didn't pass authentication. Specifically, the message failed at least one of: SPF (sender IP not authorized by the domain's SPF record), DKIM (signature missing or invalid), or DMARC alignment (auth passed but the authenticated domain doesn't match the From header domain). This code was used heavily after February 2024 when Gmail and Yahoo enforced new bulk-sender rules.

Who you'll see it from

Gmail consumer accounts and Google Workspace domains. Yahoo uses similar enhanced codes (often 553 5.7.x) for the same condition.

Why it happens

SPF record doesn't include the sending IP; DKIM key not published or invalid; DMARC policy is missing (or p=reject is set without proper DKIM/SPF alignment); the From-header domain doesn't match the SPF or DKIM domain; or the message was modified in transit (which invalidates DKIM).

Resolution

How to Fix 550 5.7.26

  1. 1

    Run the Email Deliverability Test

    Visit coldrelay.com/tools/email-deliverability-test and enter your sending domain. The tool checks all four (SPF, DKIM, DMARC, MX). Any failing record is your cause. Fix that first.

  2. 2

    Verify SPF includes your sending IP

    Your domain's SPF record (TXT at root) must include the IPs you actually send from. Look up your current SPF and verify the include: mechanisms cover your sending infrastructure. ColdRelay sets this automatically; if you're self-hosted, use the SPF Generator at coldrelay.com/tools/spf-generator.

  3. 3

    Verify DKIM signature validates

    Your DKIM key (TXT at selector._domainkey.YOURDOMAIN) must publish a valid public key matching the private key your mail server signs with. Common breaks: the key was rotated and the DNS wasn't updated, or the selector name doesn't match. Use the DKIM Generator at coldrelay.com/tools/dkim-generator to set up correctly.

  4. 4

    Verify DMARC is published

    Gmail's Feb 2024 rules require DMARC. Even a permissive policy (p=none) satisfies the requirement. Your domain needs a TXT record at _dmarc.YOURDOMAIN with at minimum 'v=DMARC1; p=none;'. Use the DMARC Generator at coldrelay.com/tools/dmarc-generator.

  5. 5

    Check DMARC alignment

    DMARC requires the From-header domain to ALIGN with either the SPF-authenticated domain or the DKIM-signed domain. Most cold email tools use the customer's own domain in From, but some use a tracking domain that doesn't match. Verify your sending platform's tracking-domain configuration aligns with your sending domain.

  6. 6

    Wait for DNS propagation

    After fixing DNS records, wait 24-48 hours for propagation. Some receivers cache DNS aggressively. Re-test with the Email Deliverability Test until all three pass before resuming sends.

Authority

References

Cold email infrastructure

550 5.7.26 in the Cold Email Context

550 5.7.26 is the most common Gmail rejection in 2024-2026 because Gmail and Yahoo's bulk-sender rules (Feb 2024) made DMARC mandatory for anyone sending 5,000+ emails/day to consumer Gmail. Before Feb 2024, you could squeak by with just SPF + DKIM; now Gmail explicitly checks DMARC and rejects with 5.7.26 if it's missing or failing. The fix is structurally trivial — three DNS records — but cold email senders on shared infrastructure often have one or more misconfigured by default. ColdRelay writes all three (SPF, DKIM, DMARC) automatically when a domain is provisioned, so this error doesn't arise from infrastructure-side misconfiguration. If you're seeing 550 5.7.26 from a properly-provisioned ColdRelay domain, the cause is usually a tracking domain or sending alias that breaks DMARC alignment.

FAQ

Frequently Asked Questions

Does Gmail really require DMARC now?

For bulk senders (5,000+ messages/day to consumer Gmail), yes — since February 2024. Below that threshold, DMARC is strongly recommended but not always enforced. Best practice: every cold-email domain has DMARC regardless of volume.

What's the minimum DMARC policy?

p=none is sufficient for Gmail's bulk-sender requirement. p=none means 'monitor only — don't take action on failures.' You can move to p=quarantine or p=reject later for stronger protection against spoofing.

Why does SPF pass but DMARC fail?

DMARC requires alignment: the SPF-authenticated domain must match the From-header domain (or DKIM signed domain must match). If your SPF authenticates via a relay's domain (e.g. sendgrid.net) but your From is yourdomain.com, SPF passes but DMARC fails because the domains don't align.

How long does the fix take to propagate?

DNS propagation is typically under 1 hour for most major receivers, up to 24 hours for stragglers. Re-test with the Email Deliverability Test after 1-2 hours; if it passes, resume sending.

Is this the same error as 550 5.7.1 unauthenticated?

Similar but more specific. 5.7.1 is generic policy rejection. 5.7.26 is specifically authentication failure. Gmail uses 5.7.26 to give senders a clearer diagnostic — DMARC, SPF, or DKIM is the cause.

Keep reading

Related SMTP Errors and Guides

SMTP Error
550 5.7.1
Spam policy violation — receiver rejected the message on policy grounds
SMTP Error
550 5.7.1 [internal]
Gmail: our system has detected an unusual rate of unsolicited mail
SMTP Error
550 5.7.1
Gmail: message identified as spam
SMTP Error
421 4.7.0
Mail rejected — sending IP is Spamhaus-listed or has reputation issues
Integration
Use Instantly with ColdRelay
Integration
Use Smartlead with ColdRelay

Stop Seeing 550 5.7.26 For Cold Email

ColdRelay ships clean, dedicated infrastructure with SPF, DKIM, DMARC, and reverse DNS configured automatically — the same fixes that resolve most 550 5.7.26 bounces. Starting at $50/month.

Start for $50/month →