How Email Bounce Codes Work
When an email cannot be delivered, the receiving mail server returns a bounce message (also called a Non-Delivery Report or NDR) containing standardized codes that explain the failure. Understanding these codes is essential for diagnosing delivery problems and protecting your sender reputation.
The Two-Layer Code System
Email bounces use two complementary code systems:
- SMTP Reply Codes (defined in RFC 5321): Three-digit codes like
550or421returned during the SMTP conversation. - Enhanced Status Codes (defined in RFC 3463, extended by RFC 5248 and RFC 7504): Three-part codes in the format
X.Y.Z(e.g.,5.1.1) that provide more specific detail about the failure.
In practice, you will see them combined in bounce messages like: 550 5.1.1 The email account does not exist.
Bounce Classifications
| Class | SMTP Range | Enhanced Prefix | Type | Meaning |
|---|---|---|---|---|
| 2xx | 200-299 | 2.X.X | Success | The command completed successfully. Not a bounce. |
| 3xx | 300-399 | N/A | Intermediate | The server is waiting for more information to continue. |
| 4xx | 400-499 | 4.X.X | Soft Bounce (Transient) | Temporary failure. The sending server should retry later. |
| 5xx | 500-599 | 5.X.X | Hard Bounce (Permanent) | Permanent failure. The message will never be deliverable as-is. |
Enhanced Status Code Structure
Enhanced status codes follow the format class.subject.detail:
| Subject Code | Category | Description |
|---|---|---|
| X.0.X | Other | Undefined or other status not covered by other categories |
| X.1.X | Addressing | Problems with the sender or recipient email address |
| X.2.X | Mailbox | Issues with the recipient mailbox (full, disabled, etc.) |
| X.3.X | Mail System | Problems with the destination mail system |
| X.4.X | Network / Routing | Network connectivity or mail routing failures |
| X.5.X | Mail Protocol | SMTP protocol errors or command issues |
| X.6.X | Content / Media | Message content or encoding problems |
| X.7.X | Security / Policy | Authentication failures, policy blocks, permissions |
SMTP Reply Codes (RFC 5321)
These are the three-digit codes returned during the SMTP conversation between sending and receiving mail servers. They are defined in RFC 5321.
2xx - Success Codes
| Code | Meaning | Description |
|---|---|---|
211 | System status | System status or help reply. Informational response. |
214 | Help message | Response to the HELP command with information about the server. |
220 | Service ready | The SMTP server is ready and waiting for commands. Sent on initial connection. |
221 | Closing connection | The server is closing the transmission channel. Normal end of session after QUIT. |
235 | Authentication successful | The client has been successfully authenticated (used with SMTP AUTH). |
250 | OK / Action completed | The requested action was completed successfully. Returned after HELO, MAIL FROM, RCPT TO, etc. |
251 | User not local, will forward | The recipient is not on this server but the message will be forwarded. |
252 | Cannot verify user | The server cannot verify the recipient but will attempt delivery anyway. |
3xx - Intermediate Codes
| Code | Meaning | Description |
|---|---|---|
334 | Server challenge | Authentication challenge. The server is waiting for the client to send authentication credentials. |
354 | Start mail input | The server is ready to receive the message body. Sent in response to the DATA command. End input with a line containing only a period. |
4xx - Transient Failure Codes (Soft Bounces)
| Code | Meaning | Common Causes | Action |
|---|---|---|---|
421 | Service not available | Server is shutting down, too many connections, rate limiting, or temporary policy block. | Retry after delay. Check if your IP is being rate-limited. |
422 | Mailbox storage exceeded | Recipient's mailbox has exceeded its storage quota temporarily. | Retry later. The recipient needs to free up space. |
431 | Not enough disk space | The receiving server has run out of disk space. | Server admin issue. Retry later. |
432 | Recipient exchange server queue stopped | The recipient's Exchange server has paused its mail queue. | Retry later. Issue will typically resolve itself. |
441 | No answer from recipient server | The recipient's mail server is not responding. | Retry later. May indicate DNS or server outage. |
442 | Connection dropped | The TCP connection was dropped during transmission. | Retry. Check for network issues. |
450 | Mailbox unavailable | Greylisting, mailbox locked, or user is receiving too quickly. | Retry in a few minutes. Greylisting accepts on second attempt. |
451 | Local processing error | The server encountered a temporary internal error, DNS lookup failure, or content filtering delay. | Retry later. If persistent, check DNS configuration. |
452 | Insufficient storage / Too many recipients | Server storage full, too many recipients in one session, or mailbox over quota. | Retry with fewer recipients. Check quota limits. |
454 | TLS not available | Temporary failure with TLS negotiation. | Retry. May fall back to non-TLS if policy allows. |
5xx - Permanent Failure Codes (Hard Bounces)
| Code | Meaning | Common Causes | Action |
|---|---|---|---|
500 | Syntax error | The server did not recognize the command. Malformed SMTP command. | Fix the sending application's SMTP implementation. |
501 | Syntax error in parameters | Command arguments are malformed. Invalid email address format. | Verify sender and recipient address syntax. |
502 | Command not implemented | The server does not support the command (e.g., VRFY or EXPN disabled). | Remove unsupported commands from SMTP dialog. |
503 | Bad command sequence | Commands sent out of order (e.g., DATA before RCPT TO). | Fix the SMTP command sequence in your sending application. |
504 | Parameter not implemented | A command parameter is not supported by this server. | Remove unsupported parameters. |
521 | Server does not accept mail | The host does not accept incoming email at all (RFC 7504). | Remove the address. This host intentionally rejects all inbound email. |
530 | Authentication required | The server requires SMTP authentication before sending. | Configure your client to authenticate before sending. |
534 | Authentication mechanism too weak | The server requires a stronger authentication method. | Use a more secure authentication mechanism (e.g., OAuth 2.0). |
535 | Authentication failed | Invalid username or password. | Verify credentials. May need an app-specific password. |
541 | Message rejected by policy | Content filter or policy rejection. | Review message content for spam triggers. |
550 | Mailbox unavailable | User unknown, address does not exist, or delivery rejected by policy. | Verify the address. Remove invalid addresses from your list immediately. |
551 | User not local | The recipient is not on this server, and the server will not forward. | Use the correct address provided in the server response. |
552 | Storage exceeded | Message exceeds the recipient's storage quota or the message is too large. | Reduce message size or wait for recipient to free space. |
553 | Mailbox name not allowed | Invalid mailbox syntax or the address is rejected for formatting reasons. | Verify the recipient address format complies with RFC 5321. |
554 | Transaction failed | General permanent failure. Can indicate spam block, policy violation, or message content rejection. | Check bounce message details. May be blacklisted or content-filtered. |
556 | Domain does not accept mail | The recipient domain has a null MX record indicating it does not receive email (RFC 7504). | Remove the address. This domain is configured to not accept email. |
Important: Not all servers follow the standards precisely. Some return a
550 for what is actually a temporary issue (like rate limiting), and some return 450 for permanent issues (like disabled accounts). Always read the human-readable text portion of the bounce message for additional context.
Enhanced Status Codes (RFC 3463 / IANA Registry)
Enhanced status codes provide granular detail about bounce reasons. They are maintained in the official IANA SMTP Enhanced Status Codes Registry and defined across multiple RFCs including RFC 3463, RFC 5248, and RFC 7504.
X.1.X - Address Status (Addressing Problems)
These codes indicate problems with the sender or recipient email address.
| Code | Name | Type | Description | Common Causes | Fix |
|---|---|---|---|---|---|
X.1.0 |
Other address status | Hard | General address failure not covered by other X.1.X codes. | Miscellaneous addressing error. | Check the full bounce message for details. Verify the address. |
X.1.1 |
Bad destination mailbox address | Hard | The recipient email address does not exist on the destination system. | Typo in address, deleted account, never existed. | Remove from list immediately. Verify address spelling. Never retry. |
X.1.2 |
Bad destination system address | Hard | The destination domain is invalid or unreachable. No MX or A records found. | Typo in domain, domain expired, DNS misconfiguration. | Verify the domain portion of the address. Check DNS records. |
X.1.3 |
Bad destination mailbox address syntax | Hard | The recipient address has invalid syntax that cannot be parsed. | Special characters, spaces, or formatting errors in the address. | Correct the address format to comply with RFC 5321. |
X.1.4 |
Destination mailbox address ambiguous | Hard | The address matched multiple recipients and the server cannot determine which one. | Ambiguous alias or directory configuration on the receiving server. | Contact the recipient to get their exact address. |
X.1.5 |
Destination address valid | Success | The destination address is valid. Used with class 2 to confirm address validity. | N/A - this is a positive confirmation. | No action needed. |
X.1.6 |
Destination mailbox moved | Hard | The recipient has moved to a new address with no forwarding. | User changed providers, company restructured. | Remove address. Try to find the recipient's new address. |
X.1.7 |
Bad sender's mailbox address syntax | Hard | The sender address (From or envelope sender) has invalid syntax. | Malformed From address in the sending configuration. | Fix the sender address in your email configuration. |
X.1.8 |
Bad sender's system address | Hard | The sender's domain is invalid or unreachable. | Sender domain has no DNS records, or domain has expired. | Verify sender domain DNS records (MX, A, SPF). |
X.1.9 |
Message relayed to non-compliant mailer | Soft | The message was relayed to a system that may not fully support SMTP standards. | Gateway to a fax system, pager, or legacy mail system. | No action usually needed. Delivery may still succeed. |
X.1.10 |
Recipient address has null MX | Hard | The recipient domain has a null MX record (RFC 7505), indicating it does not accept email. | Domain is intentionally configured to reject all inbound mail. | Remove the address. The domain does not accept email by design. |
X.2.X - Mailbox Status
These codes relate to the state of the recipient's mailbox.
| Code | Name | Type | Description | Common Causes | Fix |
|---|---|---|---|---|---|
X.2.0 |
Other mailbox status | Varies | General mailbox error not covered by other X.2.X codes. | Various mailbox-related issues. | Read the full bounce message for details. |
X.2.1 |
Mailbox disabled | Hard | The mailbox exists but has been disabled and is not accepting messages. | Account suspended, deactivated by admin, or user closed account. | Remove from list. The mailbox is intentionally disabled. |
X.2.2 |
Mailbox full | Soft | The recipient's mailbox has exceeded its storage quota. | Recipient has not cleared old messages or hit quota limit. | Retry later. If it persists across 3-5 sends, treat as hard bounce. |
X.2.3 |
Message length exceeds limit | Hard | The message is too large for the recipient's mailbox or server configuration. | Large attachments, server has a low message size limit. | Reduce message size. Use links instead of large attachments. |
X.2.4 |
Mailing list expansion problem | Soft | The server encountered an error expanding a mailing list or alias. | Mailing list configuration error on the receiving server. | Contact the recipient's mail admin about the list configuration. |
X.3.X - Mail System Status
These codes indicate issues with the destination mail system itself.
| Code | Name | Type | Description | Fix |
|---|---|---|---|---|
X.3.0 | Other mail system status | Soft | General mail system error. | Retry later. Check for server outages. |
X.3.1 | Mail system full | Soft | The entire mail system is out of storage, not just one mailbox. | Retry later. Server admin needs to add storage. |
X.3.2 | System not accepting messages | Soft | The mail system is not accepting network messages. May be in maintenance. | Retry later. The system may be undergoing maintenance. |
X.3.3 | System not capable of selected features | Hard | The destination system does not support a feature required by the message. | Simplify the message. Remove advanced MIME features if possible. |
X.3.4 | Message too big for system | Hard | The message exceeds the maximum size the system will accept. | Reduce message size. Check provider limits (Gmail: 25MB, Outlook: 25MB, etc.). |
X.3.5 | System incorrectly configured | Soft | The destination mail system has a configuration error. | Contact the recipient's mail admin. The issue is on their side. |
X.3.6 | Requested priority changed | Info | The message priority was changed by the receiving system (RFC 6710). | Informational only. Delivery may still succeed. |
X.4.X - Network and Routing Status
These codes indicate problems with network connectivity or mail routing between servers.
| Code | Name | Type | Description | Fix |
|---|---|---|---|---|
X.4.0 | Other network/routing status | Soft | General network or routing error. | Retry later. Check DNS records for the destination domain. |
X.4.1 | No answer from host | Soft | The receiving mail server is not responding to connection attempts. | Retry later. Check if the destination MX servers are reachable. |
X.4.2 | Bad connection | Soft | The connection was established but failed during transmission. | Retry. May indicate network instability. |
X.4.3 | Directory server failure | Soft | The server could not access a directory (LDAP, Active Directory) needed to route the message. | Retry later. Issue is on the receiving end. |
X.4.4 | Unable to route | Soft | The message cannot be routed to the destination. No valid route exists. | Verify recipient domain DNS. Check MX records. |
X.4.5 | Mail system congestion | Soft | The receiving mail system is overloaded with traffic. | Retry with exponential backoff. Reduce sending rate. |
X.4.6 | Routing loop detected | Hard | A mail routing loop was detected (message exceeded maximum hop count). | Check for forwarding loops. Verify MX and mail forwarding rules. |
X.4.7 | Delivery time expired | Hard | The message sat in queue too long without successful delivery and has been abandoned. | Investigate why the destination was unreachable for an extended period. |
X.5.X - Mail Delivery Protocol Status
These codes indicate problems with the SMTP protocol conversation itself.
| Code | Name | Type | Description | Fix |
|---|---|---|---|---|
X.5.0 | Other protocol status | Hard | General SMTP protocol error. | Review SMTP logs for the specific command that failed. |
X.5.1 | Invalid command | Hard | The SMTP command is not recognized or not valid. | Fix the sending application's SMTP implementation. |
X.5.2 | Syntax error | Hard | A syntax error was detected in the SMTP command or arguments. | Review the SMTP dialog for formatting errors. |
X.5.3 | Too many recipients | Soft | The message has too many recipients for a single SMTP session. | Split the message into multiple sessions with fewer recipients each. |
X.5.4 | Invalid command arguments | Hard | The command arguments are valid syntax but not acceptable to the server. | Verify the arguments match what the server expects. |
X.5.5 | Wrong protocol version | Hard | A protocol version mismatch between client and server. | Update your mail server software. |
X.5.6 | Authentication exchange line too long | Hard | An authentication response exceeded the maximum line length (RFC 4954). | Check your authentication configuration. |
X.6.X - Message Content or Media Status
These codes relate to the content, encoding, or format of the message.
| Code | Name | Type | Description | Fix |
|---|---|---|---|---|
X.6.0 | Other media error | Hard | General content or media problem. | Review message format and encoding. |
X.6.1 | Media not supported | Hard | The message contains content types that the destination cannot process. | Convert to widely-supported content types (text/plain, text/html). |
X.6.2 | Conversion required and prohibited | Hard | The message needs content conversion but the sender prohibited it. | Allow content conversion or change message format. |
X.6.3 | Conversion required but not supported | Hard | Content conversion is needed but not available on the receiving system. | Change the message format to something the receiver supports. |
X.6.4 | Conversion with loss performed | Info | The message was converted but some information was lost. | Informational. Consider simplifying the message format. |
X.6.5 | Conversion failed | Hard | Content conversion was attempted but failed. | Simplify message format. Avoid complex MIME structures. |
X.6.6 | Message content not available | Soft | The message content is no longer available for delivery (RFC 4468). | Resend the message. |
X.6.7 | Non-ASCII addresses not permitted | Hard | The server does not support internationalized email addresses (RFC 6531). | Use ASCII-only email addresses for this recipient. |
X.7.X - Security and Policy Status
These are among the most common and most important bounce codes. They cover authentication failures, policy rejections, permissions issues, and security blocks.
General Security and Permission Codes
| Code | Name | Type | Description | Fix |
|---|---|---|---|---|
X.7.0 | Other security status | Varies | General security or policy rejection not covered by other X.7.X codes. | Read the full bounce message. May indicate content filtering or policy block. |
X.7.1 | Delivery not authorized | Hard | The sender is not authorized to send to this recipient. Message refused by policy. | Check if you are blacklisted. Verify sender authentication. Contact recipient admin. |
X.7.2 | Mailing list expansion prohibited | Hard | The sender is not allowed to send to this mailing list. | Request permission from the mailing list owner. |
X.7.3 | Security conversion required | Hard | A security conversion (e.g., encryption) is required but not possible. | Enable the required security feature (TLS, S/MIME, etc.). |
X.7.4 | Security features not supported | Hard | The message uses security features the destination does not support. | Send without the unsupported security features, or contact recipient admin. |
X.7.5 | Cryptographic failure | Hard | A cryptographic operation failed (e.g., signature verification). | Check your DKIM signing configuration and keys. |
X.7.6 | Cryptographic algorithm not supported | Hard | The receiving server does not support the cryptographic algorithm used. | Use a more widely supported algorithm (RSA-2048 for DKIM, etc.). |
X.7.7 | Message integrity failure | Hard | The message integrity check failed, suggesting it was modified in transit. | Check for mail gateways that modify messages. Fix DKIM body hash issues. |
X.7.8 | Authentication credentials invalid | Hard | SMTP AUTH credentials are wrong (RFC 4954). | Verify username and password. Reset credentials if needed. |
X.7.9 | Authentication mechanism too weak | Hard | The server requires a stronger authentication method. | Upgrade to OAuth 2.0 or another secure auth mechanism. |
X.7.10 | Encryption needed | Hard | The server requires an encrypted connection (TLS) for this operation. | Enable STARTTLS in your sending configuration. |
X.7.11 | Encryption required for authentication | Hard | TLS encryption is required before authentication can proceed (RFC 4954). | Issue STARTTLS before attempting authentication. |
X.7.12 | Password transition needed | Hard | The user's password must be changed before the account can send (RFC 4954). | Log in to the mail account and change the password. |
X.7.13 | User account disabled | Hard | The sender or recipient account has been disabled. | Contact the mail administrator to re-enable the account. |
X.7.14 | Trust relationship required | Hard | A trust relationship between sender and receiver domains is required but missing. | Establish the required trust relationship (e.g., TLS certificates, connectors). |
Authentication-Specific Codes (SPF, DKIM, DMARC)
| Code | Name | Type | Meaning | How to Fix |
|---|---|---|---|---|
X.7.20 |
No passing DKIM signature | Hard | The message has no DKIM signature that passes verification (RFC 7372). | Set up DKIM signing for your domain. Ensure your DKIM DNS record is published correctly. |
X.7.21 |
No acceptable DKIM signature | Hard | The message has a DKIM signature but it does not meet the receiver's requirements. | Check DKIM key length (use 2048-bit). Verify DKIM alignment with the From domain. |
X.7.22 |
No valid author-matched DKIM signature | Hard | No DKIM signature matches the author's (From header) domain (RFC 7372). | Ensure DKIM signing domain aligns with (matches or is a subdomain of) the From domain. |
X.7.23 |
SPF validation failed | Hard | The message failed SPF authentication. The sending IP is not authorized by the sender's SPF record (RFC 7372). | Add the sending IP or include mechanism to your SPF record. Use our SPF Checker to validate. |
X.7.24 |
SPF validation error | Soft | An error occurred during SPF evaluation (DNS timeout, too many lookups, etc.). | Fix SPF record errors. Reduce DNS lookups to under 10. Flatten if needed. |
X.7.25 |
Reverse DNS validation failed | Hard | The sending IP address does not have a valid PTR record, or the PTR does not resolve back to the IP. | Set up a PTR record for your sending IP that resolves forward and backward correctly. |
X.7.26 |
Multiple authentication checks failed | Hard | The message failed multiple authentication checks (SPF and/or DKIM) and the domain's DMARC policy rejects it. | Fix both SPF and DKIM. Ensure DMARC alignment. Use our DMARC Checker to verify. |
X.7.27 |
Sender address has null MX | Hard | The sender's domain has a null MX record (RFC 7505), meaning it does not accept mail and should not be sending. | Fix the sender domain's MX records, or send from a domain that has valid mail infrastructure. |
X.7.28 |
Mail flood detected | Soft | The receiving system has detected an unusually high volume of mail and is rate limiting. | Reduce sending rate. Implement proper IP warmup. Spread volume over time. |
X.7.29 |
ARC validation failure | Hard | Authenticated Received Chain (ARC) validation failed (RFC 8617). | Check ARC sealing configuration on intermediate mail servers. |
X.7.30 |
REQUIRETLS support required | Hard | The message requires TLS but the next hop does not support REQUIRETLS (RFC 8689). | Ensure all servers in the delivery path support TLS. |
Authentication is now mandatory. As of 2024, Gmail, Yahoo, and Microsoft all require SPF, DKIM, and DMARC for bulk senders. Missing authentication will result in rejected or deferred mail. See our Email Authentication Guide for setup instructions.
Gmail / Google Workspace Bounce Codes
Gmail uses standard SMTP codes combined with descriptive text messages. All Gmail errors include the gsmtp identifier. Below are the most common Gmail-specific bounce codes. For the complete official list, see Google's SMTP error reference.
Gmail Temporary Errors (Soft Bounces)
| Code | Message | Cause | Fix |
|---|---|---|---|
421 4.7.0 | IP not in whitelist for RCPT domain | Sending IP not whitelisted for the recipient domain. | Add IP to allowed senders in Google Admin console. |
421 4.7.0 | Suspicious due to very low reputation of the sending IP | Sending IP has very poor reputation with Google. | Warm up your IP. Fix spam issues. Check Google Postmaster Tools. |
421 4.7.0 | Suspicious due to very low reputation of the sending domain | Sending domain has very poor reputation. | Improve domain reputation. Reduce complaints. Improve engagement. |
421 4.7.0 | Suspicious due to the nature of the content | Message content or links flagged as suspicious. | Review content for spam triggers. Check URLs against Google Safe Browsing. |
421 4.7.0 | Missing PTR record | Sending IP has no reverse DNS record or the PTR does not match. | Set up a valid PTR record for your sending IP. |
421 4.7.0 | TLS required for RCPT domain | The recipient domain requires TLS encryption. | Enable STARTTLS on your mail server. |
421 4.7.26 | Unauthenticated email rate limited | Email lacks SPF or DKIM authentication. | Set up SPF and DKIM for your sending domain. |
421 4.7.27 | SPF authentication did not pass | SPF check failed for the sending domain. | Fix your SPF record to include all sending IPs. |
421 4.7.28 | Unusual rate of unsolicited mail from your IP | High volume or spam-like sending patterns detected from your IP. | Reduce sending volume. Improve list quality. Warm up properly. |
421 4.7.28 | Unusual rate from your DKIM domain | Spam volume associated with your DKIM signing domain. | Review and clean your sending lists. Monitor DKIM-signed traffic. |
421 4.7.28 | Unusual rate from your SPF domain | Spam volume associated with your SPF domain. | Audit who is sending on behalf of your domain. |
421 4.7.29 | Not using a TLS connection | Message sent without TLS encryption. | Enable TLS on your sending server. |
421 4.7.30 | DKIM authentication did not pass | DKIM signature validation failed. | Verify DKIM signing configuration and DNS records. |
421 4.7.32 | DMARC alignment failed (rate limited) | From header domain not aligned with SPF or DKIM domain. | Align your SPF and/or DKIM domain with your From address domain. |
421 4.7.40 | Missing DMARC record | Sending domain has no DMARC record or no DMARC policy. | Publish a DMARC record for your domain. |
450 4.2.1 | User receiving mail too quickly | Recipient is being sent too many messages in a short period. | Slow down sending to this recipient. |
451 4.3.0 | Mail server temporarily rejected message | Temporary server issue or content filtering delay. | Retry later. Usually resolves within minutes. |
452 4.2.2 | Recipient inbox is out of storage space | Recipient's Gmail/Google Drive storage is full. | Retry later. Recipient needs to free storage space. |
452 4.5.3 | Too many recipients | Message has too many recipients for one transaction. | Split into smaller batches. Gmail limits vary by account type. |
Gmail Permanent Errors (Hard Bounces)
| Code | Message | Cause | Fix |
|---|---|---|---|
550 5.1.1 | The email account does not exist | Recipient address is invalid or has been deleted. | Remove from list immediately. Verify address spelling. |
550 5.2.1 | The email account is inactive | Account exists but has been deactivated. | Remove from list. The account owner may have abandoned it. |
550 5.4.5 | Daily sending limit exceeded | Sender has exceeded Gmail's daily sending limits (500/day free, 2000/day Workspace). | Wait 24 hours. Upgrade to Google Workspace for higher limits. |
550 5.7.1 | Message is likely unsolicited mail | Gmail classified your message as spam. | Improve content quality. Authenticate properly. Build sender reputation. |
550 5.7.1 | Low reputation of the sending IP address | Sending IP has very poor reputation. | Check Google Postmaster Tools. Consider a new IP with proper warmup. |
550 5.7.1 | Low reputation of the sending domain | Sending domain has very poor reputation. | Clean your list. Reduce complaints. Improve engagement metrics. |
550 5.7.1 | Messages missing a valid From header | Message has no From header or the address is invalid. | Ensure every message has a valid RFC 5322 From header. |
550 5.7.1 | Duplicate headers detected | Message has duplicate headers violating RFC 5322. | Fix your mail system to not produce duplicate headers. |
550 5.7.24 | Suspicious SPF record entries | Your SPF record contains entries that look suspicious or overly broad. | Review and tighten your SPF record. Remove overly permissive includes. |
550 5.7.25 | Sending IP has no PTR record | No reverse DNS configured, or forward/reverse mismatch. | Set up a PTR record that resolves correctly in both directions. |
550 5.7.26 | Unauthenticated email not accepted | Email lacks SPF and DKIM authentication. | Set up both SPF and DKIM for your domain. |
550 5.7.26 | DMARC policy rejection | Domain's DMARC policy is set to reject and the message failed alignment. | Fix SPF/DKIM alignment or adjust DMARC policy. Contact domain admin. |
550 5.7.27 | SPF authentication failure (permanent) | SPF hard fail (-all) with the sending IP not listed. | Add the sending IP to your SPF record. |
550 5.7.28 | Unusual rate of unsolicited mail from your IP | Persistent spam-like activity from your IP (permanent version of 421 4.7.28). | Stop sending. Clean lists. Resolve IP reputation issues before resuming. |
550 5.7.29 | Message not sent over TLS | Gmail requires TLS for this sender. | Enable STARTTLS on your mail server. |
550 5.7.30 | DKIM authentication failure (permanent) | DKIM signature is invalid or missing. | Fix DKIM signing. Verify DNS records match. |
550 5.7.32 | DMARC alignment failure (blocked) | From domain not aligned with SPF or DKIM organizational domain. | Align authentication domains with the From header domain. |
550 5.7.40 | Missing DMARC record (permanent) | No DMARC record published for the sending domain. | Publish a DMARC record for your domain. |
552 5.2.2 | Recipient inbox is out of storage (inactive) | Mailbox full and account appears inactive. | Remove from list. The account may be permanently abandoned. |
552 5.2.3 | Message exceeded Google's size limits | Message is larger than 25 MB (including encoding overhead). | Reduce message size. Use Google Drive links for large files. |
552 5.7.0 | Potential security issue with content | Message contains blocked file types or malicious content. | Remove blocked attachment types (.exe, .bat, etc.). Check content. |
553 5.1.2 | Cannot find the recipient domain | The domain after the @ symbol is invalid. | Verify the domain name spelling. |
554 5.6.0 | Email message is malformed | The message does not comply with email standards. | Review message construction for RFC 5322 compliance. |
Gmail "69585" Bounce: This is a preemptive block where Gmail prevents delivery before the message reaches the recipient's server. It is triggered when Google suspects the message is spam, often due to flagged URLs, poor sending IP history, or missing authentication. Fix by ensuring proper SPF/DKIM/DMARC, cleaning content of suspicious URLs, and improving sending reputation via Google Postmaster Tools.
Microsoft 365 / Outlook / Exchange Online Bounce Codes
Microsoft uses Non-Delivery Reports (NDRs) with enhanced status codes. Many codes are Microsoft-specific extensions. For the complete official list, see Microsoft's NDR documentation.
Address and Routing Errors
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
550 5.1.0 | Address rejected | Hard | General address rejection. Sender or recipient address is invalid. | Verify both sender and recipient addresses. |
550 5.1.1 | User unknown | Hard | The recipient does not exist in the organization's directory. | Check spelling. Verify the address with the recipient's organization. |
550 5.1.8 | Bad outbound sender address | Hard | The sender's email address is not properly configured in Exchange. | Verify sender account configuration in Exchange admin. |
550 5.1.10 | Recipient not found | Hard | Recipient not found by address lookup in the organization. | Verify the recipient address. |
550 5.4.1 | Relay access denied | Hard | The mail server will not relay mail for this sender/recipient combination. | Check mail flow rules and connector configuration. |
554 5.4.6 | Routing loop / too many hops | Hard | The message exceeded the maximum number of hops (usually 50). | Check for forwarding loops between mail servers. |
550 5.4.14 | Delivery time expired | Hard | Message was queued too long without successful delivery. | Investigate connectivity to the destination server. |
Mailbox and Quota Errors
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
550 5.2.1 | Mailbox disabled | Hard | The recipient mailbox has been disabled by the admin. | Remove from list. Contact recipient through other channels. |
552 5.2.2 | Mailbox full | Soft | The mailbox has exceeded its storage quota. | Retry later. Persistent over-quota may indicate abandoned account. |
552 5.3.4 | Message too large | Hard | The message exceeds the maximum size limit (25 MB for Exchange Online). | Reduce message size. Use OneDrive links for large files. |
Security, Policy, and Authentication Errors
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
550 5.7.1 | Client was not authenticated | Hard | Sending server did not authenticate with the receiving server. | Configure sending server to authenticate before delivery. |
550 5.7.1 | Delivery not authorized | Hard | Sender not authorized to send to a distribution group or restricted recipient. | Request permission from the recipient's admin or group owner. |
550 5.7.5 | Remote certificate failed MTA-STS validation | Hard | Destination server's TLS certificate does not match its MTA-STS policy. | Fix the destination server's certificate or MTA-STS policy. |
550 5.7.12 | Sender not authenticated by organization | Hard | Recipient only accepts messages from within its organization. | Contact the recipient's admin to allow external senders. |
550 5.7.23 | SPF violation | Hard | Message failed SPF check on the destination system. | Fix your SPF record. |
550 5.7.25 | IPv6 requires reverse DNS | Hard | Sending over IPv6 but no reverse DNS record for the IPv6 address. | Add a PTR record for your IPv6 sending address. |
550 5.7.57 | Client not authenticated for MAIL FROM | Hard | SMTP relay endpoint requires authentication but none was provided. | Configure your application to authenticate via smtp.office365.com. |
550 5.7.64 | TenantAttribution; Relay Access Denied | Hard | Inbound connector configuration is incorrect after on-premises environment change. | Update the inbound connector settings in Exchange Online admin. |
550 5.7.124 | Sender not in allowed-senders list | Hard | Distribution group restricts who can send to it. | Ask the group owner to add you to the allowed senders. |
550 5.7.133 | Sender not authenticated for group | Hard | Distribution group only accepts mail from inside the organization. | Contact group owner or admin to allow external messages. |
550 5.7.134 | Sender not authenticated for mailbox | Hard | Recipient mailbox only accepts internal messages. | Contact recipient's admin to allow external delivery. |
550 5.7.136 | Sender was not authenticated | Hard | Mail user configured to reject external messages. | Contact recipient's admin. |
550 5.7.232 | Trial tenant daily limit exceeded | Hard | Trial tenant exceeded external recipient rate limit. | Wait for the 24-hour window to reset or upgrade to paid tenant. |
550 5.7.233 | Tenant daily limit exceeded | Hard | Tenant exceeded external recipient rate limit. | Wait for the 24-hour rolling window to reset. |
550 5.7.321 | starttls-not-supported | Hard | Destination requires TLS but does not support STARTTLS. | Fix the destination server's TLS configuration. |
550 5.7.322 | certificate-expired | Hard | Destination server's TLS certificate has expired. | Renew the destination server's TLS certificate. |
550 5.7.323 | tlsa-invalid (DANE failure) | Hard | Destination domain failed DANE (DNS-based Authentication of Named Entities) validation. | Fix TLSA DNS records or destination server certificate. |
550 5.7.324 | dnssec-invalid | Hard | Destination domain returned invalid DNSSEC records. | Fix DNSSEC configuration for the destination domain. |
550 5.7.501 | Access denied, spam abuse detected | Hard | Sending account banned due to spam activity. | Resolve account compromise. Reset credentials. Contact Microsoft Support. |
550 5.7.502-503 | Banned sender | Hard | Sending account was banned for spam. | Resolve issues. Reset credentials. Contact Microsoft Support. |
550 5.7.506 | Bad HELO | Hard | Server HELO/EHLO hostname matches the destination instead of the source. | Fix your server's HELO hostname to use your own FQDN. |
550 5.7.507 | Rejected by recipient | Hard | Sending IP blocked by the recipient's organization. | Contact recipient to have your IP unblocked. |
550 5.7.509 | DMARC reject | Hard | Sender domain fails DMARC with p=reject policy. | Fix SPF/DKIM alignment with your From domain. |
550 5.7.511 | Banned sender (IP blocked) | Hard | Sending IP is on Microsoft's blocklist. | Email delist@microsoft.com to request removal. |
550 5.7.512 | No valid From address | Hard | Message has no valid From address per RFC 5322. | Include a properly formatted From header in all messages. |
550 5.7.513 | Client host blocked by custom blocklist | Hard | Recipient domain added your IP to its custom blocklist. | Contact recipient domain admin to remove from blocklist. |
550 5.7.606-649 | Banned sending IP | Hard | Sending IP is banned by Microsoft for reputation issues. | Use the self-service delist portal at Microsoft. |
550 5.7.703 | Blocked by Tenant Allow/Block List | Hard | Recipient address/domain is blocked by the sender's own organization policy. | Admin must remove the block entry from Tenant Allow/Block List. |
550 5.7.705 | Tenant exceeded threshold | Hard | Most traffic from the tenant is flagged as suspicious. | Resolve compromises. Contact Microsoft Support. |
550 5.7.708 | Traffic not accepted from this IP | Hard | IP is blocked due to suspicious traffic patterns. | Resolve compromises. Contact Microsoft Support. |
550 5.7.750 | Client blocked from unregistered domains | Hard | Sending from domains not added/verified in the Microsoft 365 tenant. | Add and verify all sending domains in your Microsoft 365 admin. |
Yahoo / AOL Bounce Codes
Yahoo (which also handles AOL and Verizon email) uses standard SMTP codes combined with proprietary tag identifiers (like TS01, TSS04, PH01). For the official reference, see the Yahoo Sender Hub.
Yahoo Temporary Errors (Soft Bounces)
| Code | Tag | Message | Cause | Fix |
|---|---|---|---|---|
421 4.0.0 | - | Service not available, closing transmission channel | Yahoo server is temporarily unavailable or overloaded. | Retry after a few minutes. |
421 4.0.0 | - | Max message per connection reached | Too many messages sent on a single SMTP connection. | Open new connections. Limit messages per connection. |
421 4.7.0 | TS01 | Messages temporarily deferred - new/cold IP | Sending IP has little or no sending history with Yahoo. | Warm up the IP gradually. Start with low volume and increase over weeks. |
421 4.7.0 | TS02 | Messages temporarily deferred - complaint rate | Yahoo is seeing a spike in spam complaints from your mail. | Investigate and reduce complaint sources. Review recipient engagement. |
421 4.7.0 | TS03 | Traffic temporarily held - abuse signal | Yahoo detected spikes in unknown users, content changes, or abuse patterns. | Check for list quality issues. Verify sending infrastructure. |
421 4.7.0 | TSS04 | IP sending more than reputation allows | Sending volume exceeds what Yahoo will accept from this IP based on its reputation. | Reduce volume. Improve reputation. Follow warmup best practices. |
450 4.0.0 | - | User is receiving mail too quickly | Rate limit per recipient exceeded. | Reduce sending rate to this specific recipient. |
451 4.0.0 | - | Resources temporarily unavailable | Yahoo server experiencing temporary resource constraints. | Retry later. |
452 4.0.0 | - | Temporary domain failure | Temporary DNS or domain lookup issue. | Retry later. Usually resolves automatically. |
Yahoo Permanent Errors (Hard Bounces)
| Code | Tag | Message | Cause | Fix |
|---|---|---|---|---|
550 5.0.0 | - | Relaying denied | Yahoo will not relay mail for this address. | Verify recipient address is a valid Yahoo/AOL address. |
552 5.1.1 | - | Mailbox not found | The recipient mailbox does not exist at Yahoo. | Remove from list immediately. This is a permanent invalid address. |
553 5.7.1 | - | Connections not accepted - Spamhaus listing | Your sending IP is listed on Spamhaus ZEN or XBL blacklist. | Check and delist from Spamhaus. Fix the underlying issue causing the listing. |
553 5.7.2 | TSS09 | Permanently deferred - significant abuse | Yahoo detected significant abuse or policy violations from your IP/domain. | Resolve all abuse issues. May require contacting Yahoo postmaster. |
553 5.7.2 | TSS11 | Permanently blocked sender | Repeated policy violations or persistent spam complaints. | Address root causes. Contact Yahoo postmaster with remediation proof. |
554 5.5.4 | - | User does not have an account | The Yahoo account never existed or was permanently deleted. | Remove from list immediately. |
554 5.5.4 | - | Mailbox disabled | The account has been deactivated or is dormant. | Remove from list. |
554 5.5.4 | - | Headers are not RFC compliant | Message headers violate RFC formatting requirements. | Fix message header construction to comply with RFC 5322. |
554 5.7.1 | TS06 | Sender reputation too low | Sender reputation has degraded beyond acceptable thresholds. | Provide evidence of complaint/bounce control to Yahoo postmaster. |
554 5.7.1 | TS07 | Abusive content detected | Content appears to be phishing or contains obfuscated redirects. | Remove offending content. Ensure legitimate URLs and content. |
554 5.7.9 | - | Message not accepted for policy reasons | General policy violation. Can include DMARC failures, content issues, or reputation blocks. | Review authentication (SPF, DKIM, DMARC). Check content. Consult Yahoo Sender Hub. |
554 | PH01 | Email not accepted for policy reasons | Permanent policy block, often due to Spamhaus listing, DMARC failure, or compromised infrastructure. | Fix underlying issues. Provide remediation proof to Yahoo before traffic resumes. |
Yahoo/AOL Note: Since Yahoo acquired AOL and Verizon Media email, all these domains (yahoo.com, aol.com, verizon.net, att.net via Yahoo forwarding) share the same mail infrastructure and error codes. Fixing an issue for one typically fixes it for all Yahoo-managed domains.
Apple iCloud Mail Bounce Codes
Apple iCloud Mail (me.com, icloud.com, mac.com) uses standard SMTP codes with Apple-specific tags. For postmaster information, see Apple's postmaster page.
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
421 4.7.0 | Too many errors | Soft | Too many SMTP errors from your connection. | Fix SMTP implementation. Reduce error rate. |
421 4.7.1 | Messages deferred due to excessive volume | Soft | Sending too much mail too fast to iCloud recipients. | Reduce sending rate. Implement throttling. |
451 4.7.1 | Service unavailable - try again later | Soft | Temporary service issue on Apple's side. | Retry later with exponential backoff. |
550 5.1.1 | User does not exist | Hard | The iCloud email address does not exist. | Remove from list immediately. |
550 5.7.1 [CS01] | Message rejected due to local policy | Hard | Apple's content filter or spam filter blocked the message. | Review message content. Check sender reputation. Ensure authentication. |
550 5.7.1 | Rejected due to domain's DMARC policy | Hard | The sending domain's DMARC policy is set to reject and the message failed alignment. | Fix SPF and DKIM alignment with your From domain. |
550 5.7.1 | Domain present in Spamhaus DBL | Hard | Your sending domain is listed on the Spamhaus Domain Block List. | Check and request removal from Spamhaus DBL. Fix the underlying issue. |
552 5.2.2 | User is overquota | Soft | Recipient's iCloud storage is full. | Retry later. If persistent, treat as hard bounce. |
554 5.7.1 | Relay access denied | Hard | You are trying to relay mail through Apple's servers without authorization. | Send directly to Apple's MX servers, not through them. |
554 5.7.1 [CS01] | Message rejected due to local policy | Hard | Permanent content/policy block. More severe than 550 version. | Significant content or reputation issues need resolution. |
Comcast / Xfinity Bounce Codes
Comcast uses standard SMTP codes with proprietary reference identifiers (BL, RL, DM series). For official documentation, see the Xfinity Postmaster page.
Comcast Standard SMTP Errors
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
450 4.2.0 | Recipient temporarily unavailable | Soft | Temporary issue with recipient's mailbox. | Retry later. |
452 4.1.1 | Too many recent messages | Soft | Rate limiting - too many messages sent recently. | Slow down sending rate to Comcast recipients. |
452 4.1.1 | User over quota | Soft | Recipient mailbox is over storage quota. | Retry later. |
550 5.1.1 | Not our customer | Hard | Address does not exist in Comcast's system. | Remove from list immediately. |
550 5.1.1 | Recipient mailbox unallocated | Hard | The mailbox was never created or has been permanently removed. | Remove from list immediately. |
550 5.2.0 | Recipient unavailable | Hard | The recipient account is not accepting messages. | Remove from list or retry after an extended period. |
552 5.1.1 | Extended quota violation | Hard | Persistent quota violation - mailbox has been full for an extended period. | Remove from list. The account may be abandoned. |
Comcast Proprietary Error Codes
| Code ID | SMTP Code | Meaning | Cause | Fix |
|---|---|---|---|---|
BL000000 | 554 | IP blocked - spam patterns | Comcast's filters detected spam-like sending patterns from your IP. | Contact Comcast postmaster. Review sending practices. |
BL000001 | 554 | IP listed on Spamhaus ZEN | Your sending IP is on the Spamhaus ZEN blocklist. | Request removal from Spamhaus. Fix the underlying issue. |
BL000010 | 554 | IP listed on Cloudmark CSI | Your IP is listed on the Cloudmark Sender Intelligence blocklist. | Request removal from Cloudmark. |
BL000011 | 554 | IP listed on both Spamhaus and Cloudmark | Your IP appears on both Spamhaus ZEN and Cloudmark CSI. | Request removal from both blocklists. |
DM000001 | 550 | DMARC rejection | Message rejected due to the sender domain's DMARC policy. | Fix SPF/DKIM alignment. Check DMARC policy. |
RL000001 | 421 | Rate limited - throttled | You are sending too much mail to Comcast too quickly. | Reduce sending rate. Implement gradual throttling. |
Comcast Postmaster: For IP block removal, contact Comcast's postmaster at their Service Policy Assurance page. You will need to provide the IP address and the specific error code from the bounce message.
AT&T / SBCGlobal Bounce Codes
AT&T email domains (att.net, sbcglobal.net, bellsouth.net) now route through Yahoo's infrastructure, so most Yahoo error codes apply. However, some AT&T-specific errors still appear:
| Code | Message | Type | Cause | Fix |
|---|---|---|---|---|
553 5.3.0 | DNSBL:RBL 521 | Hard | Sending IP is blocked by a DNS-based blocklist. | Check and delist from the blocklist. Email abuse_rbl@abuse-att.net. |
554 [RL02] | Message content not accepted for policy reasons | Hard | Content rejected by AT&T's policy filters. | Review message content. Set up DKIM aligned to From domain. |
451 4.7.7 | Excessive userid unknowns | Soft | Too many messages sent to non-existent AT&T addresses. | Clean your list of invalid AT&T addresses. Improve list hygiene. |
Bounce Code Impact on Sender Reputation
Not all bounces affect your sender reputation equally. Here is how different categories of bounces impact your reputation with major mailbox providers.
Impact by Bounce Category
| Bounce Category | Examples | Reputation Impact | Required Action |
|---|---|---|---|
| Invalid Address | 5.1.1, 5.1.2, 550 User unknown | Severe | Remove immediately. High rates signal poor list acquisition or hygiene. Directly triggers reputation penalties. |
| Mailbox Full | 4.2.2, 5.2.2, 452 | Moderate | Retry 3-5 times. Persistent full mailboxes suggest abandoned accounts. Remove after repeated failures. |
| Mailbox Disabled | 5.2.1, 554 mailbox disabled | Severe | Remove immediately. Sending to disabled accounts is a strong negative signal, similar to invalid addresses. |
| Authentication Failure | 5.7.20-5.7.27, DMARC reject | Severe | Fix authentication immediately. SPF/DKIM/DMARC failures are a top-tier reputation damaging signal. |
| Policy Block / Spam | 5.7.1, 554 spam, content rejected | Severe | Review sending practices. You are being classified as a spammer. This can cascade to affect all your mail. |
| Rate Limiting | 421, 4.7.0, 4.7.28, TSS04 | Low-Moderate | Slow down. Respect the provider's rate limits. Implement exponential backoff. Not immediately damaging if handled properly. |
| Server / Network | 4.4.1, 4.4.2, 421 service unavailable | Minimal | Retry with backoff. These are typically not your fault and have minimal reputation impact if retries succeed. |
| Content / Size | 5.2.3, 5.3.4, 5.6.X | Low | Fix message formatting. These do not typically damage reputation but reduce deliverability for that specific message. |
| IP Blacklisted | 5.7.1 + Spamhaus, BL000001 | Critical | Stop sending immediately. Delist your IP. Investigate the root cause. Blacklisting is the most severe reputation event. |
Acceptable Bounce Rate Thresholds
| Metric | Threshold | Consequence if Exceeded |
|---|---|---|
| Hard bounce rate | Below 2% | Above 2% triggers reputation penalties at most providers. Above 5% may cause account suspension at ESPs. |
| Total bounce rate (hard + soft) | Below 5% | High total bounce rates indicate systemic list quality problems. |
| Spam complaint rate | Below 0.1% (Gmail), Below 0.3% (others) | Exceeding complaint thresholds causes inbox placement to drop dramatically. |
| Unknown user rate (per provider) | Below 2-5% | High unknown user rates to a specific provider can trigger IP or domain blocks at that provider. |
Best Practices for Managing Bounces
- Remove hard bounces immediately. After the first 5.1.1 (user unknown) bounce, suppress the address permanently. Never retry.
- Track soft bounces over time. After 3-5 consecutive soft bounces to the same address across different sends, treat it as a hard bounce.
- Fix authentication first. SPF, DKIM, and DMARC failures are the most preventable and most damaging bounce causes. Use our Sender Reputation Checker to verify your setup.
- Monitor per-provider bounce rates. A spike in bounces at one provider (e.g., all Gmail bounces) usually means you have been blocked by that provider specifically.
- Warm up new IPs and domains gradually. Sending high volume from a new IP triggers rate limiting (421/450) at all major providers.
- Use double opt-in. This is the single most effective way to prevent hard bounces from entering your list.
- Validate before sending. Use email verification services and check addresses at the point of collection to catch typos and invalid addresses.
- Maintain suppression lists. Keep a permanent list of bounced addresses and check new signups against it before adding to your mailing list.
- Respect rate limits. When you receive 421 or 450 codes, implement exponential backoff. Aggressively retrying will make things worse.
- Monitor blacklists regularly. Use our Blacklist Checker to scan your sending IPs and domains against the most widely used blocklists.
Check your overall health: Use our Sender Reputation Checker to get a comprehensive Sender Reputation Score that evaluates your authentication, blacklist status, DNS configuration, and more.