Several DMARC‑monitoring vendors reported that Google has quietly updated its DMARC aggregate reports to include SMTP error codes inside the <reason><comment> field.
Some analysis of new reports found codes such as “550‑5.7.30 DKIM signature failed” and “550‑5.7.27 SPF failure” that identify why authentication failed. Valimail separately noted codes indicating rate‑limiting or blocks (e.g., “421‑4.7.27” for SPF‑failure rate limiting, “550‑5.7.1” for blocked due to policy). No official announcement from Google or updates to its DMARC documentation have been published, leaving the change unconfirmed by a primary source.
Why it matters:
- Error codes in aggregate reports would allow senders to diagnose authentication issues without waiting for bounce messages.
- Deliverability teams could prioritise fixes for SPF/DKIM misconfigurations based on error frequency.
- Policy enforcement details would become more transparent, enabling proactive compliance.
Compliance / Action Checklist:
- Review Google DMARC aggregate reports for
<reason><comment>tags containing SMTP codes. - Map common codes to underlying issues (e.g., 5.7.30 for DKIM failure) to guide remediation.
- Cross‑check codes with authentication logs and adjust DKIM keys, SPF records or DMARC policies as needed.
- Continue monitoring official Google Postmaster communications for confirmation and guidelines.
Key dates:
- Aug 1 2025: Vendor reports of new error codes in Google DMARC reports.
- Date to watch: Await official documentation or confirmation from Google; the change may be rolled back or modified, when features are not officially documented that is a real risk.
Note: These findings are vendor‑reported. Because there is no official confirmation from Google, that we have found at this time we will treat this as a developing story, and subject to updates.
