Understanding and Resolving Gmail and Yahoo Email Error Codes
When Google and Yahoo transitioned long-standing best practices to enforced sender requirements, we created the following guide to help you understand where you can find evidence of delivery issues and begin to understand what additional steps you need to take in order to ensure you are sending according to their guidelines.
What are error codes?
Email error codes and bounce strings are generated when one email server attempts delivery to another email server that results in a failure. Error codes are also commonly referred to as bounce codes, SMTP errors, or Delivery Status Notifications (DSN).
You can use the messages and codes to help understand the underlying reason and attempt to troubleshoot them. Most often, the source sending emails on your behalf will have developed software to handle errors in an automated fashion for you. Where some email sources may expose these errors to you through their interface, the majority don’t, or they aggregate them to more generic bounce categories.
The numerical portion of the error allows for automated rules to be reliably created and actioned against by software. The message portion is intended to give a human-readable explanation.
Why are error codes important?
Understanding error codes, their meanings and what actions to take are important for anyone sending email at scale. Though there is some consistency among several large mailbox providers, there remains wide variation of the error codes when considering the much broader email receiving ecosystem.
The context of email delivery errors and DMARC is that they offer real evidence, either to validate what can be observed through the dmarcian platform or as an alternate signal altogether.
Google error codes are exposed in the our platform, which provides a means of identifying gaps in email authentication (DMARC/SPF/DKIM) across all of your email sending sources.
Following are the Gmail error codes and messages resulting from issues related to DMARC, SPF, DKIM and their revised sender guidelines:
Gmail SMTP Error Codes
| Error Code | Status Code | Error Text |
| 421 | 4.7.0 | The IP address sending this message does not have a PTR record, or the corresponding forward DNS entry does not point to the sending IP. To protect our users from spam, email sent from your IP address has been temporarily rate limited. |
| 451 | 4.7.23 | The sending IP address for this message doesn’t have a PTR record, or the PTR record’s forward DNS entry doesn’t match the sending IP address. To protect users from spam, your email has been temporarily rate limited. |
| 451 | 4.7.24 | The SPF record of the sending domain has one or more suspicious entries. To protect our users from spam, email sent from your IP address has been temporarily rate limited. |
| 451 | 4.7.26 | Unauthenticated email from domain-name is not accepted due to domain’s DMARC policy, but temporary DNS failures prevent authentication. Please contact the administrator of domain-name domain if this was a legitimate email. |
| 421 | 4.7.26 | This email has been rate limited because it is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM. Authentication results: DKIM = did not pass SPF domain-name with ip: ip-address = did not pass. |
| 421 | 4.7.27 | Your email has been rate limited because SPF authentication didn’t pass for this message. Gmail requires all bulk email senders to authenticate their email with SPF. Authentication results: SPF domain-name with IP address: ip-address = Did not pass. |
| 421 | 4.7.28 | Gmail has detected an unusual rate of unsolicited email originating from your DKIM domain domain-name. To protect our users from spam, email sent from your domain has been temporarily rate limited. To review our bulk email senders guidelines, go to Email sender guidelines. |
| 421 | 4.7.28 | Gmail has detected an unusual rate of unsolicited email originating from your SPF domain domain-name. To protect our users from spam, email sent from your domain has been temporarily rate limited. |
| 421 | 4.7.30 | Your email has been rate limited because DKIM authentication didn’t pass for this message. Gmail requires all email bulk senders to authenticate their email with DKIM. Authentication results: DKIM = Did not pass. |
| 421 | 4.7.40 | Your email has been rate limited because the sending domain doesn’t have a DMARC record, or the DMARC record doesn’t specify a DMARC policy. Gmail requires all bulk email senders to add a DMARC record to their sending domain. |
| 421 | 4.7.32 | Your email has been rate limited because the From: header (RFC5322) in this message isn’t aligned with either the authenticated SPF or DKIM organizational domain. |
| 421 | 5.7.32 | Your email was blocked because the From: header (RFC5322) in this message isn’t aligned with either the authenticated SPF or DKIM organizational domain. |
| 550 | 5.7.24 | The SPF record of the sending domain has one or more suspicious entries. |
| 550 | 5.7.25 | This message was blocked because the sending IP address doesn’t have a PTR record, or the forwarding DNS entry doesn’t reference the sending IP address. Gmail requires that sending IP addresses have a PTR record. |
| 550 | 5.7.26 | This email has been blocked because the sender is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM. Authentication results: DKIM = did not pass SPF [domain-name] with ip: [ip-address] = did not pass. |
| 550 | 5.7.26 | The (E)MAIL FROM domain [domain-name] has an SPF record with a hard fail policy (-all) but it fails to pass SPF checks with the ip: [ip-address]. |
| 550 | 5.7.26 | Unauthenticated email from domain-name is not accepted due to domain’s DMARC policy. Contact the administrator of domain-name domain if this was legitimate email. |
| 550 | 5.7.27 | This message was blocked because it didn’t pass SPF authentication. Gmail requires bulk email senders to authenticate their email with SPF. Authentication results: SPF with ip-address = did not pass |
| 550 | 5.7.30 | This message was blocked because it didn’t pass DKIM authentication. Gmail requires bulk email senders to authenticate their email with DKIM. Authentication results: DKIM = did not pass |
| 550 | 5.7.40 | Your message was blocked because the sending domain doesn’t have a DMARC record or the DMARC record doesn’t specify a DMARC policy. Gmail requires all bulk email senders to add a DMARC record to their sending domain. |
See Gmail’s full list of errors and codes and learn more about IP addresses and Email sender guidelines.
Yahoo SMTP Error Codes
Yahoo is another mailbox provider that has put forth considerable effort to return useful information in their response codes and strings.
The following are the Yahoo errors codes resulting from faulty DMARC, SPF, and DKIM records or other stated sender guidelines:
5XX (553 and 554) permanent errors – A 553 or 554 SMTP error indicates an email could not be delivered due to a permanent problem. Message delivery can be permanently deferred because of the following:
- You’re trying to send a message to an invalid email address.
- Your message failed authentication checks against your sending domain’s DMARC or DKIM policy.
- The message contains characteristics that Yahoo won’t accept for policy reasons.
- Other suspicious behavior which leads Yahoo to issue a permanent rejection for your SMTP connection.
- Your IP is listed by Spamhaus. Check with https://www.spamhaus.org.
Yahoo recommends to not resend an email that comes back with a 5xx error and that list managers should have a policy for removing email addresses that generate these errors.
- Authentication failures
- Your email failed one or more authentication checks that Yahoo uses to verify emails are truly sent from the domains they claim to originate from.
- Yahoo rejects emails for failing DKIM authentication when all of following conditions apply:
- The signing domain publishes a policy which states that all emails from the domain must be signed and authenticated with DKIM to prevent forgery.
- The signing domain is identified in the “d=” tag of the DKIM signature.
- The rejected email couldn’t be authenticated against the sending domain’s policy, for example, due to a missing or bad signature.
- If you’re not the system administrator for the mail servers affected, contact the administrator, so they can look into the situation further.
- For mailing lists, also known as “listservs,” you should change your sending behavior by adding the mailing lists’ address to the “From:” line, rather than the sender’s address. Also, enter the actual user/sender address into the “Reply-To:” line.
Here’s Yahoo’s full list of error codes.
If you need help figuring out email error codes, let us know. You can also register for a free trial to get visibility and insight into your email domains.
Want to continue the conversation? Head over to the dmarcian Forum.
