The server requires cryptographic authentication that your message failed to provide. This is different from SMTP AUTH - it refers to email authentication mechanisms like SPF, DKIM, or mutual TLS that the receiving server mandates.
What Does Error 5.7.5 Mean?
Enhanced status code 5.7.5 indicates the receiving server requires a specific cryptographic or protocol-level authentication that your message did not satisfy. This can refer to SMTP AUTH (login credentials), but more commonly in modern email it indicates the server requires sender authentication via SPF, DKIM, or TLS and your message failed these checks.
Some receiving servers, particularly in government and regulated industries, require mutual TLS or client certificate authentication. If the sending server cannot provide the required authentication, the message is rejected with 5.7.5.
Common Causes
- Server requires SMTP AUTH credentials that were not provided
- Required sender authentication (SPF/DKIM) missing or failing
- Mutual TLS or client certificate required but not provided
- Authentication mechanism mismatch between sender and receiver
How to Fix Error 5.7.5
- Configure SMTP AUTH credentials if the server requires login
- Implement and verify SPF and DKIM authentication for your domain
- Check if the server requires specific TLS or certificate authentication
- Review the error message text for details on which authentication is required
Frequently Asked Questions
Enhanced status code 5.7.5 indicates a "Cryptographic failure" -- the mail transport system was unable to validate or decrypt a message because necessary cryptographic information (such as an encryption key or certificate) was unavailable or invalid. This is a permanent failure in the security/policy category of SMTP status codes. It typically occurs when TLS negotiation fails, S/MIME decryption cannot be completed, or required cryptographic credentials are missing.
Common causes include expired or invalid TLS/SSL certificates on the sending or receiving mail server, mismatched cipher suites between servers that prevent TLS negotiation, missing or corrupted S/MIME certificates for encrypted messages, and server configurations that require specific encryption standards the other party cannot meet. This error is less common than other 5.7.x codes and typically affects server-to-server communication rather than end users directly.
Verify that your mail server's TLS/SSL certificate is valid, not expired, and properly installed. Ensure your server supports modern TLS versions (TLS 1.2 or 1.3) -- many servers now reject connections using TLS 1.0 or 1.1. If the error relates to S/MIME encryption, confirm the recipient's public key certificate is valid and that your mail client has the correct certificate installed. Check your server logs for specific cipher negotiation failures and update cipher suites as needed.
Yes, 5.7.5 can occur during STARTTLS negotiation when the cryptographic handshake fails. If the receiving server requires TLS but the connection cannot be established due to certificate issues or incompatible cipher suites, a cryptographic failure is returned. This is distinct from errors like 5.7.0 ("Must issue a STARTTLS command first"), which means TLS was required but never initiated. Error 5.7.5 means TLS was attempted but the cryptographic exchange itself failed.