Follow
Unauthenticated Email Is Not Accepted due to Domain's DMARC Policy

Problem

User receives the following bounce back email:
 

550-5.7.1 Unauthenticated email from "customer domain.com" is not accepted due to
550-5.7.1 domain's DMARC policy. Please contact administrator of "customer domain.com"
550-5.7.1 domain if this was a legitimate mail. Please visit
550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about DMARC
550 5.7.1 initiative.

 

Answer
DMARC is configured in the customer's email system and is not part of Workfront.

DMARC, in part, tries to determine that the incoming email addresses are "trusted" and so it's a higher level of security. This is not part of IP Whitelisting.

The customer's email system is using DMARC in attempts to prevent Phishing email.
The Error comes from the customer's email system not Workfront.

The customer needs to do exactly what the Error message says "Please contact email administrator of "customer's domain.com" domain if this was a legitimate mail." They should be able to configure their email system to allow/trust email from noreply@workfront.com or preferably all email from workfront.com.
How to do this is up to their email administrator and the email product they are using.

The reason DMARC Errors is because Workfront sends (spoofs) emails that aren't from the user's email address.

For example in this case looking at the email's header file Workfront sends an email with:
From: customer-email@domain.com and a Reply-To: noreply@workfront.com

The email system sees this as a Phishing email because the From: and the Reply-To: are not from the same email address, specifically, the @domain.com piece.

Please see https://support.google.com/mail/answer/2451690 to learn more about DMARC

Also, this Wiki document about DMARC explains that DMARC is built upon SPF and DKIM