Gmail error 550 5.7.26 "unauthenticated email" — how to fix it
The bounce reads something like: 550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. Since Gmail's 2024 sender requirements, this is one of the most common delivery failures on the internet — and it has a precise meaning: your message arrived with neither a passing SPF check nor a valid DKIM signature. Gmail no longer accepts such mail at any volume.
Updated July 13, 2026
What Gmail is actually checking
For all senders, Gmail requires at least one of SPF or DKIM to pass. For bulk senders (5,000+ messages/day to Gmail), it requires both, plus a DMARC record, aligned authentication, one-click unsubscribe on marketing mail, and a spam-complaint rate under 0.3%. A 5.7.26 bounce means you failed the baseline: neither method produced a pass.
Fix it in three checks
- SPF: run your domain through the SPF checker. No record, a second record, or a PermError all read as "no SPF" to Gmail. Publish one valid record that includes every service sending for you.
- DKIM: run the DKIM checker. If your sending service isn't signing with your domain, turn it on — for Google Workspace, Microsoft 365, or any major ESP, our setup guides show the exact steps and records.
- Verify end to end: send a message to the inbox test and confirm SPF and DKIM both pass with your domain, not your ESP's.
If it's intermittent
Bounces on some mail but not all usually mean multiple sending paths — the CRM authenticates, the billing system doesn't. Each stream needs its own authentication. A DMARC record at p=none with reporting is the systematic way to find the unauthenticated stream: the reports list every source sending as your domain and exactly what failed. Set up DMARC and the culprit shows up within days.