5.7.28

Enhanced Status Code 5.7.28: Mail Flood Detected

Permanent failure Critical severity Security RFC 7372
What it means

Enhanced Status Code 5.7.28 means “Mail Flood Detected.” The receiving server has detected an abnormally high volume of email from your IP or domain and is rejecting messages as a flood protection measure. This indicates a possible compromised server, spam run, or severely excessive sending volume.

At a glance
Code5.7.28
Bounce typeHard (permanent)
SeverityCritical
CategorySecurity
What to doSuppress the address; do not retry
StandardRFC 7372
What it looks like in your mail logs 
550 5.7.28 Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been temporarily rate limited.

What does 5.7.28 mean?

Enhanced status code 5.7.28 is a severe rejection indicating the receiving server has detected what it considers a mail flood from your sending IP or domain. This goes beyond normal rate limiting (which uses 4xx temporary codes) - the server has determined the volume is so extreme that it constitutes an attack or abuse scenario.

This code is often triggered when a server or account has been compromised and is being used to send spam at very high volumes. It can also occur during legitimate but poorly executed bulk campaigns that send far too many messages too quickly to a single provider.

Immediate action is required. Check your sending server for signs of compromise, review your sending volumes, and verify that only authorized messages are being sent from your infrastructure.

How 5.7.28 plays out

Your server attempts delivery
The recipient server returns a permanent 5.7.28 rejection
This is a hard bounce: the message will not be accepted as sent
Suppress the address and fix the root cause before resending

Where 5.7.28 sits: soft vs hard bounce

Soft bounce (4xx) Hard bounce (5xx)
NatureTemporaryPermanent
SMTP class4xx5xx
What to doLet it retrySuppress the address
Recoverable?OftenNo
5.7.28 is✓ this code

Common causes of 5.7.28

  • Sending server may be compromised and sending spam
  • Extremely high volume of email sent in a very short time
  • Multiple compromised accounts sending through your server simultaneously
  • Bulk campaign misconfigured to send far too quickly
  • Automated system or script running amok

How to fix 5.7.28

  • Immediately check your server for signs of compromise (unauthorized access, unknown processes)
  • Review sending logs for unexpected outbound email volume
  • Implement rate limiting on your outbound email
  • Change all server and account passwords if compromise is suspected
  • Throttle your sending rate to the affected provider
  • Contact the provider postmaster after resolving the root cause

Frequently asked questions

What does error 550 5.7.28 "mail flood detected" mean?
Error 550 5.7.28 means the receiving mail server detected an unusually high volume of email originating from your address or domain in a short period and has blocked further delivery. Gmail specifically returns this as "Our system has detected an unusual rate of unsolicited mail originating from your IP address." This is a rate-limiting protection against spam floods and applies when sending volume exceeds normal thresholds for your account or IP.
How many emails triggers a 5.7.28 mail flood block?
The exact thresholds vary by provider and are not publicly disclosed. Gmail limits standard @gmail.com accounts to 500 emails per rolling 24-hour period, while Google Workspace accounts can send up to 2,000. Microsoft 365 has similar per-user limits. The 5.7.28 error triggers when your sending rate significantly deviates from your normal pattern; even staying under absolute limits can trigger it if you suddenly send a large burst after a period of low activity.
How long does a 5.7.28 rate limit block last?
The temporary block from a 5.7.28 error typically lasts from 1 to 24 hours, depending on the severity and the provider. Stop all outgoing email immediately upon receiving this error; continuing to send during a block extends its duration and worsens your reputation. Wait at least 24 hours before resuming, then gradually increase volume. If the block was triggered by a compromised account, secure the account before resuming sending.
How do I prevent 5.7.28 mail flood errors?
Spread your email sending over time rather than sending large bursts. Use proper email infrastructure (dedicated ESP or SMTP relay service) for bulk sending instead of personal or standard business accounts. Implement sending rate limits in your application or email client. Monitor for compromised accounts that may be sending spam without your knowledge. For legitimate high-volume sending, use services like SendGrid, Amazon SES, or Mailgun that are designed for bulk email delivery.

Related bounce codes

421 Service Not Available - Try Again Later 5.7.1 Delivery Not Authorized - Message Refused 4.7.0 Other Security or Policy Status - Temporary 554 Transaction Failed

Sources & further reading

RFC 7372 · The standard that defines this reply code
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← All bounce codes