Why are the emails that I send using Amazon SES failing with the error message "Email rejected per DMARC policy"?

2 minute read

I'm sending emails from Amazon Simple Email Services (Amazon SES) using a verified email address. But the emails are failing with the error message "Email rejected per DMARC policy".

Short description

The following are common reasons why you can receive a Domain-based Message Authentication and Conformance (DMARC) failure:

You have a "reject" DMARC policy on your domain, and your email address isn't authenticated through Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). To comply with DMARC, you must authenticate your email messages through SPF or DKIM, or both.
Your email address is verified, but your domain isn't. To resolve this issue, you must verify your domain using DKIM to comply with DMARC.

Resolution

Authenticate your email messages through SPF or DKIM

You have a DMARC policy on your domain that's similar to the following:

v=DMARC1; p=reject; rua=mailto:dmarcreports@example.com;

When you have a DMARC policy that controls your domain's outbound email traffic and your email address isn't authenticated, your email is rejected.

To resolve this issue, authenticate your email identity with DKIM or SPF, and comply with DMARC. For step-by-step instructions, see What do I do if my Amazon SES emails fail DMARC validation for SPF alignment or DKIM alignment?

Verify your domain using DKIM to comply with DMARC

If you're sending email using an email address that's verified on a domain that's not verified, then your email fails DMARC with no DKIM authentication. Follow these instructions to verify your domain, Verifying a DKIM domain identity with your DNS provider. For methods on how to authenticate your email through DKIM see, Authenticating email with DKIM in Amazon SES.

Note:

You can't authenticate an email address that's on a domain that's not verified.
When you send email using a separately verified email address on a DKIM-configured domain, Amazon SES automatically authenticates the message. However, if you turned off DKIM on a separately verified email address that's on a DKIM-configured domain, then your message isn't authenticated.

Related information

Why are the emails that I send using Amazon SES getting marked as spam?

How do I enable DKIM for Amazon SES?

Why is DKIM domain failing to verify on Amazon SES?

Troubleshooting DKIM problems in Amazon SES

Topics

Front-End Web & Mobile Business Applications

Relevant content

Why the AWS SES service fails to send template emails
Mboh Bless Pearl
asked 8 months ago
DMARC policy violation using Amazon SES
Accepted Answer
DevHub
asked 2 years ago
AWS SES with Cognito failing to send verification emails
Accepted Answer
PatonPersonnel
asked 9 months ago
Message rejected: Email address is not verified. The following identities failed....
MD Idiake
asked a year ago
DMARC policy violation using Amazon SES
Accepted Answer
DevHub
asked 2 years ago
Why am I getting a 554 or 400 "Message rejected" error with the message "Email address is not verified" from Amazon SES?
AWS OFFICIALUpdated 2 years ago
Why are emails failing to deliver when I send Amazon SES emails using the SendTemplatedEmail operation?
AWS OFFICIALUpdated a year ago
Why are the emails that I send using Amazon SES getting marked as spam?
AWS OFFICIALUpdated 2 years ago
Why don't the emails that I send through Amazon SES get delivered?
AWS OFFICIALUpdated 5 months ago
Why is a /24 the smallest IP range that can be used with BYOIP?
EXPERT
Brettski-AWS
published a year ago