5.7.1

Enhanced Status Code 5.7.1: Delivery Not Authorized - Message Refused

Permanent failure Critical severity Security RFC 3463
What it means

Enhanced Status Code 5.7.1 means “Delivery Not Authorized - Message Refused.” The receiving server has permanently rejected your email based on a security or policy decision. This is the most common policy-based rejection code and can be triggered by spam detection, IP blacklisting, content filtering, authentication failures, or explicit sender blocks.

At a glance
Code5.7.1
Bounce typeHard (permanent)
SeverityCritical
CategorySecurity
What to doSuppress the address; do not retry
StandardRFC 3463
What it looks like in your mail logs
550 5.7.1 Service unavailable; Client host [203.0.113.10] blocked using Blocklist 1; To request removal from this list please forward this message to delist@microsoft.com

What does 5.7.1 mean?

Enhanced status code 5.7.1 is the most widely used security/policy rejection code. It means the receiving server has made a deliberate decision to reject your email based on security, policy, or reputation criteria. Unlike 5.1.1 (user unknown), the address may be valid but the server has refused to deliver your message.

Gmail returns 5.7.1 with messages like "This message was blocked because its content presents a potential security issue" or when the sender's IP is flagged for sending spam. Microsoft returns "550 5.7.1 Service unavailable, client host blocked" when your IP is on their blocklist. Yahoo uses it for permanent reputation blocks.

This is a critical error that demands immediate investigation. If you receive 5.7.1 across multiple recipients at the same provider, the issue is almost certainly with your sender reputation or authentication, not with individual addresses. Check your IP against blacklists, verify SPF/DKIM/DMARC, and review your sending practices.

How 5.7.1 plays out

Your server attempts delivery
The recipient server returns a permanent 5.7.1 rejection
This is a hard bounce: the message will not be accepted as sent
Suppress the address and fix the root cause before resending

Where 5.7.1 sits: soft vs hard bounce

Soft bounce (4xx) Hard bounce (5xx)
NatureTemporaryPermanent
SMTP class4xx5xx
What to doLet it retrySuppress the address
Recoverable?OftenNo
5.7.1 is✓ this code

Common causes of 5.7.1

  • Sending IP is on the provider's blocklist or a major third-party blacklist
  • Content triggered spam or phishing detection
  • Missing or failing SPF, DKIM, or DMARC authentication
  • Domain reputation is critically low
  • Recipient organization has blocked your sender address or domain
  • Email contains malware, suspicious URLs, or deceptive content

How to fix 5.7.1

  • Check your IP against all major blacklists immediately using Blacklist Checker
  • Verify SPF, DKIM, and DMARC records are correctly published using our checker tools
  • Review your sender reputation in Google Postmaster Tools and Microsoft SNDS
  • If blacklisted, follow the removal process for each list
  • Review email content for spam triggers, suspicious URLs, or misleading content
  • Contact the recipient postmaster if you believe the block is in error

Frequently asked questions

What does SMTP error 550 5.7.1 mean?
SMTP error 550 5.7.1 means the recipient's mail server rejected your message due to a security or policy violation. This is a broad rejection code indicating the server determined your email is not authorized for delivery to that recipient. Common triggers include failed SPF/DKIM/DMARC authentication, a blocklisted sending IP or domain, or recipient-side rules that restrict inbound email from external senders.
Why are my emails being rejected with 5.7.1 when sending from Outlook to Gmail?
Gmail rejects Outlook-originated messages with 5.7.1 when the sending domain lacks proper email authentication (SPF, DKIM, DMARC) or when the sending IP has a poor reputation. Gmail has become especially strict about IPv6-sourced mail from Microsoft servers. Ensure your domain has valid SPF records that include Microsoft 365's servers (include:spf.protection.outlook.com), a published DKIM signature, and a DMARC policy. Ask the recipient to check their spam folder and add your address to their contacts.
How do I fix 550 5.7.1 "Unable to relay" in Exchange?
The "Unable to relay" variant of 5.7.1 in Microsoft Exchange means your server is configured to reject messages addressed to external domains. Enable SMTP authentication on the send connector, ensure the sending account has relay permissions, and verify the connector is configured to allow outbound mail. In Exchange Online, confirm that SMTP AUTH is enabled for the sending mailbox under the mailbox properties in the admin center.
Does 5.7.1 mean my IP is blacklisted?
Not necessarily, but it is one of the most common causes. The 5.7.1 code covers a range of policy rejections, including IP or domain blocklisting. Check your sending IP against major blocklists such as Spamhaus, Barracuda, and SORBS using tools like MXToolbox. If listed, follow the delisting procedures for each blocklist and address the underlying issue: typically compromised accounts, open relays, or spam complaints.
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← All bounce codes