Unauthenticated email from strapi.io is not accepted due to domain's 550-5.7.26 DMARC policy

System Information
  • Strapi Version: v4.1.5
  • Operating System: Windows 10
  • Database: “sqlite3”: “5.0.2”
  • Node Version: v16.13.1
  • NPM Version: 7.5.6

Trying to implement Forgotten password functionality in my Nuxt app using the /auth/forgot-password endpoint.

After sending the post requet, using my gmail account, I recieve the following error: 
"SMTP code:550 msg:550-5.7.26 Unauthenticated email from strapi.io is not accepted due to domain's
550-5.7.26 DMARC policy. Please contact the administrator of strapi.io domain
550-5.7.26 if this was a legitimate mail. Please visit
550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the
550 5.7.26 DMARC initiative. b20-20020a1709063f9400b006df76385b76si9863593ejj.22 - gsmtp
However after using my hotmail account I get a different error: 
"SMTP code:550 msg:550 5.7.1 Service unavailable, Client host [] blocked using Spamhaus. To request removal from this list see https://www.spamhaus.org/query/ip/ (AS3130). [AM7EUR06FT015.eop-eur06.prod.protection.outlook.com]

Any help would be appreciated.

I’m having the same issue but with the /auth/forgot-password and /auth/send-email-confirmation in Insomnia.

Seeing that no one has replied to your message since April, perhaps it’s time for me to move on. Strapi is great, but it feels like I spend just as much time troubleshooting these undocumented edge cases as I would with a custom solution. Where Strapi used to save me time, it’s now just slowing me down.

1 Like

This doesn’t really have anything to do with Strapi… that’s why you didn’t find documentation.

You need to change the default FROM address in your Email Templates in Settings > Email Templates (the default is “no-reply@strapi.io”)

There are a few things need to pay attention when using the email related function.

  • The first thing is that the default Email plugin or Email provider “Sendmail” is not production ready and need to config which does not provide too much options. So if like to use email gateway like your own email hosting with modern secured smtp support, need to install extra provider.

  • For email provider example, could refer to this tutorial and install that email providers accordingly.

Other email and providers related reading, could refer:

Wow after facing this issue for about 1 month lucky for me it was a side project but this problem comes from the email plugins in /plugins. I couldn’t send emails to Gmail only but other random emails worked. I am disappointed I did not get a solution sooner online. If you work in a big company use email providers like SendGrid etc else if you are doing a small hobby project you can use google using SMTP. I used this library https://github.com/bass3l/strapi-provider-email-smtp and it worked immediately after over a month. Hope this helps someone out there

If anyone is coming to this question from Google, here is what works for a default installation:

Suppose your Strapi is running on strapi.mydomain.com.

Edit (or create if necessary) the file config/plugins.js and put this code inside:

module.exports = {
   // here might be other things already, but add the next part
   email: {
      provider: 'sendmail',
      providerOptions: {},
      settings: {
          defaultFrom: 'email@strapi.mydomain.com',

This is necessary to have the correct “From” address set.

Then go to this tool SPF Record Generator - MxToolBox and fill the fields:

  • Do you send email from your webserver? => Yes
  • Enter any other server hostname or domain that delivers email for your domain => (your domain name, e.g. strapi.mydomain.com)
  • Enter your domain’s IPv4 Addresses / CIDR Ranges => Your server’s IP4 address (e.g.
  • Enter your domain’s IPv6 Addresses / CIDR Ranges => Your server’s IP6 address (e.g. 1222::2:323)
  • How strict should should the SPF Policy be? => Strict

Then copy the value of the suggested record and put it as the value of a new TXT DNS record for your domain. So for the DNS record put type=TXT, key/domain gets set to your subdomain or empty or @ if Strapi runs directly on mydomain.com, then for the value the one from the mxtoolbox website.

Now email sending should work! It might still land in the spam folder, but there’s not much you can do further.

1 Like