2FA NOW REQUIRED: Twilio is requiring two-factor authentication (2FA) as an additional layer of protection for all paying Twilio customers. For more details, see our 2FA Setup Guide.

Troubleshooting Email Delivery Failures due to DMARC

Gmail, AOL, Yahoo, and other popular mail domains have started to embrace Domain-based Message Authentication, Reporting & Conformance (DMARC). While DMARC has been successful in helping users and email providers better secure emails, it has introduced some sending limitations. This guide explains how DMARC can affect message delivery, and how to avoid any problems.

What is DMARC?

The DMARC standard was proposed as a method for easier email sender validation. By increasing cooperation between email senders and receivers, DMARC is hoping to reduce or eliminate spam and phishing emails.

For full details, see DMARC Frequently Asked Questions (dmarc.org).

How does DMARC limit my messages?

You may have already started seeing email failures due to DMARC. Here are some messaging examples:

521 5.2.1 : (DMARC) This message failed DMARC Evaluation and is being refused due to provided DMARC Policy
550 5.7.1 Unauthenticated email from domain.tld is not accepted due to domain's DMARC policy. Please contact administrator of domain.tld domain if this was a legitimate mail. Please visit https://support.google.com/mail/answer/2451690 to learn about DMARC initiative. 62si14044909itw.103 - gsmtp

These message failures are caused by DMARC errors. Usually this is due to the adoption of DMARC practices, resulting in these mailbox providers no longer accepting messages where the From domain is one of their addresses (eg. @gmail.com, @aol.com, or @yahoo.com), and the message originates from a non-approved mail domain server/service such as Twilio SendGrid.

Simply put, Twilio SendGrid accounts can no longer send messages using a Gmail, AOL, or Yahoo From address to a domain that checks DMARC before accepting mail. Affected users will need to change their from address to a different non-protected email address. We recommend using your own mail domain, or one you control that is legitimate. You can then set the Reply-To field to be the original address that previously was used in the From field.

What about these failed messages - are they lost?

Yes, any sent email that failed with a DMARC message is discarded, and tracked as a Block. You will need to adjust your From address field settings, and then try resending from your side.

Have more questions? Submit a request