<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Email Rejected Due to Domain's DMARC Policy
Nov 28, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article covers the causes and solutions for activation emails and password reset emails being rejected with the following error: 

550 5.7.26 Unauthenticated email from https://login.example.com  is not accepted due to domain's DMARC policy. Please contact the administrator of https://login.example.com domain if this was a legitimate mail. Please visit https://support.google.com/mail/answer/2451690 to learn about the DMARC initiative.

 

Applies To
  • DMARC
  • Email Reject
  • Custom Domain
Cause

DMARC Policy is set to p = reject.


DMARC Policy 

Solution
  1. Check the email header for the rejected email. It will have a DNS value (that is, "v=DMARC1; p=reject).
  2. Using https://mxtoolbox.com/, perform a DMARC lookup for the Tenant URL in question.
  3. If the value p=reject is seen, then update it to p=none.

DMARC Policy

Recommended content

Still looking for help?
Loading
Email Rejected Due to Domain's DMARC Policy