Unauthenticated Email Is Not Accepted due to Domain's DMARC Policy


User receives the following bounce back email:

550-5.7.1 Unauthenticated email from "customer" is not accepted due to
550-5.7.1 domain's DMARC policy. Please contact administrator of "customer"
550-5.7.1 domain if this was a legitimate mail. Please visit
550-5.7.1 to learn about DMARC
550 5.7.1 initiative.


DMARC is configured in the customer's email system and is not part of Workfront.

DMARC, in part, tries to determine that the incoming email addresses are "trusted" and so it's a higher level of security. This is not part of IP Whitelisting.

The customer's email system is using DMARC in attempts to prevent Phishing email.
The Error comes from the customer's email system not Workfront.

The customer needs to do exactly what the Error message says "Please contact email administrator of "customer's" domain if this was a legitimate mail." They should be able to configure their email system to allow/trust email from or preferably all email from
How to do this is up to their email administrator and the email product they are using.

The reason DMARC Errors is because Workfront sends (spoofs) emails that aren't from the user's email address.

For example in this case looking at the email's header file Workfront sends an email with:
From: and a Reply-To:

The email system sees this as a Phishing email because the From: and the Reply-To: are not from the same email address, specifically, the piece.

Please see to learn more about DMARC

Also, this Wiki document about DMARC explains that DMARC is built upon SPF and DKIM