The receiving server has detected an abnormally high volume of email from your IP or domain and is rejecting messages as a flood protection measure. This indicates a possible compromised server, spam run, or severely excessive sending volume.
What Does Error 5.7.28 Mean?
Enhanced status code 5.7.28 is a severe rejection indicating the receiving server has detected what it considers a mail flood from your sending IP or domain. This goes beyond normal rate limiting (which uses 4xx temporary codes) - the server has determined the volume is so extreme that it constitutes an attack or abuse scenario.
This code is often triggered when a server or account has been compromised and is being used to send spam at very high volumes. It can also occur during legitimate but poorly executed bulk campaigns that send far too many messages too quickly to a single provider.
Immediate action is required. Check your sending server for signs of compromise, review your sending volumes, and verify that only authorized messages are being sent from your infrastructure.
Common Causes
- Sending server may be compromised and sending spam
- Extremely high volume of email sent in a very short time
- Multiple compromised accounts sending through your server simultaneously
- Bulk campaign misconfigured to send far too quickly
- Automated system or script running amok
How to Fix Error 5.7.28
- Immediately check your server for signs of compromise (unauthorized access, unknown processes)
- Review sending logs for unexpected outbound email volume
- Implement rate limiting on your outbound email
- Change all server and account passwords if compromise is suspected
- Throttle your sending rate to the affected provider
- Contact the provider postmaster after resolving the root cause
Frequently Asked Questions
Error 550 5.7.28 means the receiving mail server detected an unusually high volume of email originating from your address or domain in a short period and has blocked further delivery. Gmail specifically returns this as "Our system has detected an unusual rate of unsolicited mail originating from your IP address." This is a rate-limiting protection against spam floods and applies when sending volume exceeds normal thresholds for your account or IP.
The exact thresholds vary by provider and are not publicly disclosed. Gmail limits standard @gmail.com accounts to 500 emails per rolling 24-hour period, while Google Workspace accounts can send up to 2,000. Microsoft 365 has similar per-user limits. The 5.7.28 error triggers when your sending rate significantly deviates from your normal pattern -- even staying under absolute limits can trigger it if you suddenly send a large burst after a period of low activity.
The temporary block from a 5.7.28 error typically lasts from 1 to 24 hours, depending on the severity and the provider. Stop all outgoing email immediately upon receiving this error -- continuing to send during a block extends its duration and worsens your reputation. Wait at least 24 hours before resuming, then gradually increase volume. If the block was triggered by a compromised account, secure the account before resuming sending.
Spread your email sending over time rather than sending large bursts. Use proper email infrastructure (dedicated ESP or SMTP relay service) for bulk sending instead of personal or standard business accounts. Implement sending rate limits in your application or email client. Monitor for compromised accounts that may be sending spam without your knowledge. For legitimate high-volume sending, use services like SendGrid, Amazon SES, or Mailgun that are designed for bulk email delivery.