Does Sendresults use the same username and password defined for sendemail?
I've seen a note in the Splunk docs that says "If you are sending an email notification to a server that requires SMTP authentication, you must have the admin role assigned."
I can understand why that might be the issue if I used the sendresults command inline, but I even see this error during a scheduled report. I would have expected it to use the same logic as the base "send email action", which I can schedule.
from index=_internal sourcetype=sendresults:log
2019-08-07 12:50:21,859 ERROR invocation_id=1565182221.77:80484 invocation_type="action" msg="Could not send email" rcpt="firstname.lastname@example.org,email@example.com" error="(530, 'Authentication required', firstname.lastname@example.org')"