Gmail returns 554 5.7.5 when it can't compute a DMARC result — often a malformed or duplicate _dmarc TXT. Publish one valid v=DMARC1 record with a p= tag.
Updated Jul 1, 2026
The short answer
"5.7.5 Permanent Error Evaluating DMARC Policy" (usually seen as "554 5.7.5") is a Gmail and Workspace rejection when the receiver cannot reach a usable DMARC result for your From domain. It commonly stems from a malformed DMARC record, including duplicate _dmarc TXT records (RFC 7489 §6.6.3 treats these as no policy applied), but can also reflect SPF or DKIM alignment failures. Fix it by publishing exactly one valid record starting with v=DMARC1 and a p= tag, and aligning SPF and DKIM with your From domain.
This is a permanent (5.x.x) SMTP rejection — most often seen in full as 554 5.7.5 Permanent error evaluating DMARC policy — returned by Google's mail servers (Gmail / Google Workspace). Unlike a transient temperror (which produces a 4.x.x defer and resolves on retry), the 5.7.5 enhanced status code signals a permanent condition: the receiver tried to evaluate the DMARC policy for the From header domain and could not arrive at a usable result, so it refused the message outright. The 5.7.5 code borrows RFC 3463's permanent-failure (5.x.x) and security/policy (x.7.x) framework; the specific .7.5 detail code is formally registered by RFC 3463/IANA as "Cryptographic failure" — Google's DMARC-specific reuse of x.7.5 is a provider convention, not an IANA-registered DMARC code.
The key thing to understand: this error is almost always about your own sending domain's DMARC setup, not the recipient's. The receiving server is evaluating your published policy. Most often that means it couldn't read a usable policy out of your DNS record; in some cases it reflects an alignment/authentication failure against your policy.
Per RFC 7489 §6.6.3, a Mail Receiver queries _dmarc.<your-domain> for a TXT record and then filters it. The spec is explicit: "If the remaining set contains multiple records or no records, policy discovery terminates and DMARC processing is not applied to this message." When the receiver cannot turn your DNS into a usable policy, Google reports this as a permanent error. Common triggers:
_dmarc.example.com. DMARC does not merge them or pick the stricter one — per §6.6.3, multiple records means no policy is applied. This frequently happens after a migration or when two teams each publish a record.v=DMARC1, and per Google Workspace's DMARC guidance "the v and p tags must be listed first" (other tags may follow in any order). A record whose v= value is not exactly DMARC1 is ignored (RFC 7489 §6.6.3; see also the record format in §6.3); a record with no valid p= tag has no policy to apply.rua/ruf URIs, or smart-quotes copied from a doc (curly “v=DMARC1” instead of v=DMARC1)._dmarc.example.com, not at the bare domain or a different label.quarantine/reject, the message fails DMARC. Google more commonly reports that case as 550 5.7.26, but 554 5.7.5 can also surface on authentication/alignment problems — so don't assume the cause is purely a syntax issue without checking alignment too.The 5.7.5 "evaluating" wording points most cleanly at the policy being unreadable (the DNS-record problems above), which is why fixing the record is the first thing to check. If the record is clean, investigate SPF/DKIM alignment next.
bash
dig +short TXT _dmarc.example.com
If more than one v=DMARC1 string comes back, that is your problem.v=DMARC1; p=none; rua=mailto:dmarc@example.com
Start at p=none (monitor mode) so you collect aggregate reports without affecting delivery, then tighten to quarantine/reject once SPF and DKIM are aligned.v=DMARC1 is first, p= is present and is one of none, quarantine, or reject, tags are separated by semicolons (not commas/colons), and there are no curly quotes or trailing junk._dmarc subdomain of the exact From domain.550 5.7.26), confirm SPF and DKIM authenticate and align with your From domain.dig command and resend.If you authenticate from your own domain through Courier, make sure SPF and DKIM are also in place so that once DMARC parses correctly, your mail passes alignment rather than failing the policy.
References
FAQ
It is about your sending (From header) domain. The recipient's server is looking up and trying to evaluate the DMARC record you published at _dmarc.yourdomain.com and cannot parse it into a usable policy.
One API, every provider
Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.
Reply-code definitions per RFC 7489 §6.6.3. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.
© 2026 Courier. All rights reserved.