530

SMTP Error 530: Authentication Required

Permanent failure High severity Security RFC 4954
What it means

SMTP Error 530 means “Authentication Required.” The server requires SMTP authentication before accepting email. Your sending server must provide valid credentials using the AUTH command before sending the MAIL FROM command.

At a glance
Code530
Bounce typeHard (permanent)
SeverityHigh
CategorySecurity
What to doSuppress the address; do not retry
StandardRFC 4954
What it looks like in your mail logs
530 5.7.1 Client was not authenticated

What does 530 mean?

SMTP code 530 means the receiving server requires authentication before it will accept your email for relay or delivery. This is the server's way of saying you must log in before sending. This is most commonly encountered when configuring a smarthost or relay server, not when sending to external recipients.

If you see 530 when sending to external domains, it may indicate your sending server is misconfigured and trying to use a relay that requires authentication without providing credentials. Check your MTA configuration to ensure SMTP authentication credentials are properly configured for any relay servers you use.

How 530 plays out

Your server attempts delivery
The recipient server returns a permanent 530 rejection
This is a hard bounce: the message will not be accepted as sent
Suppress the address and fix the root cause before resending

Where 530 sits: soft vs hard bounce

Soft bounce (4xx) Hard bounce (5xx)
NatureTemporaryPermanent
SMTP class4xx5xx
What to doLet it retrySuppress the address
Recoverable?OftenNo
530 is✓ this code

Common causes of 530

  • Sending through a relay server that requires authentication without providing credentials
  • SMTP AUTH credentials not configured in your MTA settings
  • Authentication credentials expired or revoked
  • Attempting to relay through a server you are not authorized to use

How to fix 530

  • Configure SMTP authentication credentials in your MTA or email client
  • Verify your AUTH username and password are correct and not expired
  • Ensure your MTA sends the AUTH command before MAIL FROM
  • Check if you need to use a specific authentication mechanism (PLAIN, LOGIN, etc.)

Frequently asked questions

What does SMTP error 530 mean?
SMTP error 530 means "Authentication required": the mail server is refusing to process your email because you have not provided valid login credentials or have not initiated a secure connection. This permanent error occurs when SMTP authentication is not enabled in your email client, your username or password is incorrect, or the server requires a STARTTLS encrypted connection before it will accept authentication. It is one of the most common errors when configuring email clients like Outlook, Thunderbird, or Apple Mail.
How do I fix "530 5.7.0 Must issue a STARTTLS command first"?
This specific error means the mail server requires an encrypted TLS connection before it will accept your login credentials. To fix it, open your email client's account settings and enable SSL/TLS encryption for outgoing mail. Set the SMTP port to 587 (for STARTTLS) or 465 (for implicit SSL/TLS), and ensure the encryption method is set to "STARTTLS" or "SSL/TLS" rather than "None." This is especially common when configuring Gmail's SMTP server (smtp.gmail.com), which mandates TLS on port 587.
How do I enable SMTP authentication in Outlook?
To enable SMTP authentication in Outlook, go to File > Account Settings > Account Settings, select your email account and click "Change." Click "More Settings," navigate to the "Outgoing Server" tab, and check "My outgoing server (SMTP) requires authentication." Select "Use same settings as my incoming mail server" and click OK. For Microsoft 365, ensure you are using port 587 with STARTTLS encryption and that your credentials (full email address and password) are entered correctly.
Why does my email server say "530 authentication required"?
Your server returns "530 authentication required" because it is configured to require a valid username and password before relaying outbound email, and your email client did not provide them. This is a standard security measure to prevent unauthorized users from using the server as an open relay for spam. The fix is to enable SMTP authentication in your email client settings, verify your login credentials, ensure you are using the correct SMTP port (587 or 465), and confirm that SSL/TLS encryption is enabled.
What SMTP port should I use to avoid a 530 error?
To avoid a 530 error, use port 587 with STARTTLS encryption (the recommended standard for authenticated email submission) or port 465 with implicit SSL/TLS. Avoid using port 25, which is the default SMTP relay port and is often blocked by ISPs for residential connections; many servers will return a 530 error if you attempt authentication on port 25 without TLS. Gmail uses smtp.gmail.com on port 587 (STARTTLS) or 465 (SSL), and Microsoft 365 uses smtp.office365.com on port 587 with STARTTLS.
Reviewed by Jennifer Jackson, Email Deliverability Analyst · June 2026 ← All bounce codes