SMTPERRORCommonSecurityHIGH confidence

Delivery not authorized — relaying denied or policy rejection (SPF/DMARC)

Q: How to fix SMTP 5.7.1 Delivery not authorized — relaying denied or policy rejection (SPF/DMARC)?

Configure SPF record to include your sending IP: Adding your sending IP or ESP's include mechanism to your SPF record authorises that IP to send on behalf of your domain.

Q: How to fix SMTP 5.7.1 Delivery not authorized — relaying denied or policy rejection (SPF/DMARC)?

Set up DKIM signing and align DMARC: DMARC requires either SPF alignment or DKIM alignment to pass. Both should be configured for reliable delivery.

Production Risk

High — 5.7.1 rejections due to SPF/DMARC failures can block all delivery from your domain until DNS is corrected.

What this means

The receiving server refused to accept or relay the message due to a security or policy restriction. This is one of the most common rejection codes, covering open relay prevention, SPF failures, DMARC policy enforcement, and IP blocklist rejections.

Why it happens

1The sending IP is not authorised to send mail for the From domain (SPF fail).
2The message was rejected by the recipient domain's DMARC policy.
3The sending MTA attempted to relay mail through a server it is not authorised to use.
4The sending IP address is on a blocklist (RBL/DNSBL).

How to reproduce

Sending mail from an IP not listed in the domain's SPF record, or sending through a server that does not permit relaying.

trigger — this will error

RCPT TO:<user@example.com>
# Relay attempt rejected:
554 5.7.1 Relaying denied
# SPF/DMARC rejection:
550 5.7.1 Message rejected due to SPF policy
550 5.7.1 DMARC policy violation

expected output

550 5.7.1 or 554 5.7.1 ...

Fix 1

Configure SPF record to include your sending IP

WHEN Receiving SPF-based 5.7.1 rejections

Configure SPF record to include your sending IP

# DNS TXT record for your domain:
v=spf1 ip4:203.0.113.1 include:_spf.example.com ~all
# Verify with:
dig TXT yourdomain.com | grep spf

Why this works

Adding your sending IP or ESP's include mechanism to your SPF record authorises that IP to send on behalf of your domain.

Fix 2

Set up DKIM signing and align DMARC

WHEN Receiving DMARC-based 5.7.1 rejections

Set up DKIM signing and align DMARC

# Check DMARC record:
dig TXT _dmarc.yourdomain.com
# Ensure DKIM is configured and the d= domain aligns with the From: header

Why this works

DMARC requires either SPF alignment or DKIM alignment to pass. Both should be configured for reliable delivery.

What not to do

✕ Configure your MTA as an open relay to avoid relay denials

Open relays are immediately abused for spam and will result in your IP being blocklisted within hours.

Sources

Official documentation ↗

RFC 3463 — Enhanced Mail System Status Codes

SPF Record Syntax ↗DMARC Specification ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformSMTP Response Codes

Code5.7.1

ClassSecurity

SeverityERROR

TierCommon

ConfidenceHIGH

← All SMTP errors