550 5.7.26 authentication required (Gmail)
Gmail returns 550 5.7.26 when a message fails sender authentication before inbox placement. The envelope-from domain must pass SPF or DKIM with DMARC alignment on the visible From domain. Fix authentication on your sending path — M365, Google Workspace, or ESP relay — then re-test.
Quick fix (3 steps)
- 1
Confirm SPF includes every server that sends mail for your domain (M365 `include:spf.protection.outlook.com`, Google `include:_spf.google.com`, or your ESP include).
- 2
Enable DKIM signing on your mail platform and publish the public key in DNS; verify the d= domain aligns with your From header domain.
- 3
Publish a DMARC record at `_dmarc.yourdomain.com` starting with `p=none` and fix any alignment failures shown in aggregate reports before tightening policy.
Common questions
What does Gmail 550 5.7.26 mean?+
It is a permanent rejection indicating Gmail requires passing email authentication (SPF and/or DKIM with DMARC alignment) before accepting mail from your domain.
Can SPF alone fix 550 5.7.26?+
Only if SPF passes and aligns with the From domain under your DMARC policy. Many M365 and ESP setups need DKIM alignment even when SPF passes.
How long after DNS changes until Gmail accepts mail?+
DNS TTL governs propagation — often 15 minutes to a few hours. Send a test message to Gmail and inspect Authentication-Results headers to confirm pass/fail.