- November 2022
- Engineering Memo · External Release
Email deliverability monitoring typically tracks two aggregate metrics: delivery rate (the proportion of messages that received a 250 OK response) and bounce rate (the proportion that received a permanent 5XX rejection). These metrics are necessary but insufficient. Between the 250 OK deliveries and the hard-bounce rejections lies a long tail of SMTP response codes — deferrals, policy blocks, authentication rejections, rate limit responses — that carry diagnostic information aggregate metrics cannot reveal.
Operators who read only the top-level delivery and bounce rates are missing the specific SMTP signals that identify the exact nature of each delivery problem. This note documents the most operationally significant long-tail SMTP errors, what each indicates about the sending programme's relationship with the ISP returning it, and what the correct response to each is.
The SMTP Response Code Taxonomy
SMTP response codes follow a three-digit structure defined in RFC 5321. The first digit indicates the category: 2XX is success (250 OK is the standard delivery acknowledgement), 4XX is temporary failure (the ISP is asking the sender to try again later), and 5XX is permanent failure (the ISP is rejecting this message definitively). The second digit provides subcategory information; the third digit is specific to the implementation.
The most important long-tail codes are in the 4XX range — temporary failures that may be greylisting, throttling, policy-based deferrals, or early-stage reputation signals. Reading the 4XX response message text, not just the numeric code, is essential: two messages with code 421 may mean completely different things (one is a greylisting deferral, another is a connection limit throttle), and the response message text is the only distinguishing information available.
The 5XX permanent failures beyond the common 550 5.1.1 "user does not exist" also carry diagnostic information. A 550 5.7.1 "rejected for policy reasons" is very different from a 550 5.1.1 "mailbox not found" — the former indicates a reputation or policy block that requires investigation, the latter indicates an invalid address that requires suppression. Processing both as generic "bounces" and suppressing the address misses the actionable intelligence in the policy rejection code.
Figure 1 — SMTP Response Code Taxonomy and Operational Significance
The Most Commonly Overlooked 4XX Codes
421 4.7.0 — Try again later. This is Gmail's primary throttle response. The message text typically includes "rate limit exceeded" or "too many connections from your IP." At High reputation, this response means the sender has exceeded the per-IP connection rate that Gmail's current rate limit for this sender allows. Action: reduce max-smtp-out for Gmail domain blocks and wait for the rate limit to reset. At Medium or Low reputation, this response occurs at lower connection rates and indicates reputation-based throttling that requires reputation improvement rather than just connection count reduction.
421 RP-001 — Microsoft connection rate exceeded. This is Microsoft's specific connection rate throttle code. Unlike Gmail's generic 421, Microsoft's RP-001 code precisely identifies the cause as connection rate excess. The correct response is reducing max-smtp-out for Hotmail/Outlook/Live domain blocks. If SNDS shows Green status for the sending IP, this is a connection rate issue only; if SNDS shows Yellow or Red, the connection rate reduction is necessary but not sufficient — the underlying SNDS status issue also requires attention.
451 4.7.0 — Temporary authentication failure. This code, returned by some ISPs when a DKIM or SPF check produces an inconclusive result, indicates an authentication system issue rather than a reputation issue. The message text typically references DKIM or SPF verification failure. Action: verify that the sending IP is in the SPF record and that the DKIM signing configuration is producing correctly formatted signatures. Run a test message through mail-tester.com to confirm authentication is passing correctly before proceeding with the send that generated this response.
452 4.5.3 — Too many recipients. Some ISPs limit the number of recipients per SMTP session. When MailWizz or the sending application injects messages with multiple RCPT TO recipients in a single session (for efficiency), this limit may be hit at ISPs with strict per-session recipient counts. The correct configuration response: set max-rcpt-per-message or max-msg-per-connection in the relevant domain block to stay below the ISP's limit. This code is often overlooked because it appears intermittently rather than consistently, making it hard to identify from aggregate metrics.
The Most Commonly Overlooked 5XX Codes
550 5.7.1 — Message rejected for policy reasons. This catch-all policy rejection code appears across multiple ISPs for multiple reasons: DMARC failure (the message does not pass DMARC alignment), spam content filtering (the message content matches a spam pattern), IP reputation block (the sending IP is on a reputation list the ISP uses), or blacklist hit. Reading the specific message text accompanying this code is essential — "DMARC policy violation" requires an authentication fix; "spam content detected" requires content review; "IP blocked" requires DNSBL investigation. Suppressing the recipient address in response to a 550 5.7.1 is the wrong action — the rejection is about the sending infrastructure, not the recipient's address validity.
550 5.7.26 — Unauthenticated email is not accepted. Gmail's specific rejection code for messages that fail DMARC at an enforcing policy (p=quarantine or p=reject). This code appears when the sending domain has DMARC policy at enforcement and the message does not pass DMARC alignment. Action: DMARC aggregate report investigation to identify which sending source is failing alignment, followed by SPF or DKIM configuration fix for the non-aligning source. This is not a recipient-validity issue and the recipient should not be suppressed.
550 5.7.350 — Remote server returned an error. Microsoft's relay rejection code, typically accompanied by a message that identifies whether the rejection is due to spam filtering, DMARC failure, or IP reputation. The specific sub-message text identifies the actual cause. This code is frequently misclassified as a hard bounce (invalid address) by bounce processing systems that match only on the 550 code without reading the message text, resulting in incorrect suppression of valid addresses that were rejected for infrastructure reasons.
553 5.1.3 — Bad destination mailbox syntax. The destination email address has a syntax that the receiving server considers invalid. This can occur when email addresses that passed syntax validation on entry have characters that specific ISPs do not accept — some ISPs reject addresses with unusual character combinations that RFC 5321 technically permits. Action: suppress the address and verify whether it is truly invalid or whether the ISP has stricter syntax requirements than the RFC mandates.
Table 1 — Long-tail SMTP error codes: cause, action, and suppress decision
| Code | Meaning | Correct action | Suppress recipient? |
|---|---|---|---|
| 421 4.7.0 | Throttle / rate limit | Reduce max-smtp-out; retry with backoff | No |
| 451 4.7.0 | Auth verification failure | Verify DKIM / SPF configuration | No |
| 550 5.1.1 | No such user | Suppress recipient address | Yes |
| 550 5.7.1 | Policy rejection (various) | Read message text; investigate infrastructure | No |
| 550 5.7.26 | DMARC rejection (Gmail) | Fix DMARC alignment for sending source | No |
| 550 5.7.350 | Microsoft policy rejection | Read sub-message; SNDS/DMARC investigation | No |
Building a SMTP Response Code Classification System
The correct operational response to SMTP error codes requires classifying each code not just by its numeric value but by its message text pattern and the ISP that returned it. A bounce processing system that classifies all 5XX responses as "hard bounces" and suppresses the recipient will incorrectly suppress valid addresses that received policy rejections. A system that correctly classifies 550 5.7.1 as "policy rejection, do not suppress" and 550 5.1.1 as "invalid address, suppress" provides the right operational response for each code.
PowerMTA's bounce pattern matching system allows operators to define classification rules that match on response code, ISP source, and message text patterns. The classification maps each matching pattern to a bounce type (hard, soft, policy, auth-failure) and the associated action (suppress, retry, investigate). Maintaining this classification rule set — adding new ISP-specific patterns as they are observed, reviewing misclassified codes quarterly — is part of the logging and operations maintenance that keeps the infrastructure responsive to the specific error signals each ISP generates.
The long-tail SMTP errors that operators overlook are not rare edge cases — they are the specific signals that distinguish a temporary throttle from a reputation block, a greylisting deferral from a policy rejection, and an invalid address from a valid address that was rejected for infrastructure reasons. Reading these signals correctly, classifying them accurately, and taking the ISP-specific action each requires is the operational practice that converts the accounting log from a delivery record into an active diagnostic tool that guides every infrastructure management decision.
ISP-Specific Response Code Patterns
Each major ISP has developed its own response code conventions that extend beyond the RFC standards. Understanding the ISP-specific patterns — and adding classification rules for them in the bounce processing system — provides more precise diagnostic capability than generic response code matching.
Gmail-specific patterns: Gmail's policy rejection messages follow a specific URL pattern that references Google's email policies: "https://support.google.com/mail/answer/" followed by a policy-specific numeric identifier. The specific policy number identifies whether the rejection is for authentication failure, spam classification, DMARC enforcement, or bulk sender policy. Classifying these patterns by their policy URL provides a more precise rejection type than the generic 550 5.7.1 code alone.
Yahoo-specific patterns: Yahoo's throttle responses often include session identifiers and rate-limit context in the message text: "421 4.7.0 [TSS04] Messages from [IP] temporarily deferred due to user complaints." The [TSS04] code identifies a complaint-rate-based throttle. Reading these tags in Yahoo's response text allows the bounce processor to classify Yahoo deferrals by their specific cause — [TSS04] for complaint-rate throttle, [TSS05] for spam filter deferral — which is diagnostic information unavailable from the response code alone.
Microsoft-specific patterns: Microsoft's rejection messages often reference specific policy codes in the message text that correspond to different rejection categories. The S3140 policy code indicates a URL reputation block (a URL in the message matched a spam-associated domain). The S3150 code indicates an IP reputation block. The S3250 code indicates a bulk sender volume limit. Each of these codes requires a different investigation path, and they are only distinguishable from the message text, not from the 550 response code that precedes them.
Building classification rules for these ISP-specific text patterns requires maintaining a reference library of observed response message patterns — collected from the accounting log over time — and periodically reviewing newly observed patterns against the library to add classification rules for previously-unclassified codes. This maintenance work is modest (1–2 hours per quarter) and produces progressively more precise bounce classification as the pattern library grows. The investment produces its value most clearly during deliverability investigations, when correctly classified response codes immediately identify the investigation path rather than requiring the operator to manually look up unfamiliar codes in ISP documentation.
What the Long-Tail Distribution Reveals About Programme Health
Analyzing the full distribution of SMTP response codes from the accounting log — not just the aggregate 250/4XX/5XX breakdown — reveals patterns about programme health that aggregate metrics obscure. A programme with a 97% delivery rate, when broken down by response code, might show 97% 250 OK, 1.5% 421 throttle, 0.8% 451 greylist, 0.4% 550 5.7.1 policy rejection, and 0.3% 550 5.1.1 invalid address. The aggregate "3% non-delivery" rate obscures the fact that these four different response types require four entirely different interventions.
The proportion of 550 5.7.1 policy rejections relative to 550 5.1.1 invalid-address rejections is a reputation indicator. At a well-regarded sender with clean lists, policy rejections should be near zero — all permanent failures should be invalid address rejections. A rising 550 5.7.1 proportion indicates that some fraction of delivers to valid addresses are being rejected for policy reasons — which points to reputation, authentication, or content issues that the 550 5.1.1 rate would not reveal.
The proportion of 421 throttle responses relative to 451 greylisting responses indicates whether the sending rate is properly calibrated to the ISP's throttle limits. At a correctly configured sender, 451 greylisting should be the dominant 4XX code at EU ISPs (greylisting is expected and bounded), while 421 throttle should be near zero (indicating the max-smtp-out limit is below the ISP's throttle threshold). When 421 throttle responses begin appearing at an ISP that previously showed only 451 greylisting, the sending rate has exceeded the threshold — a signal for configuration adjustment before the throttle escalates.
Reading the long-tail distribution is the SMTP-layer equivalent of reading the leading indicators in Postmaster Tools — it provides early-stage diagnostic information that precedes and predicts the aggregate performance changes that standard metrics reveal only after they have accumulated. An operator who reviews the full SMTP response code distribution weekly from the operational database, rather than only the top-level delivery and bounce rates, consistently identifies and addresses emerging problems at the signal level rather than waiting for them to manifest in delivery rate declines or reputation tier changes.
The investment in this analytical capability — building the operational database, writing the classification rules, developing the response code distribution query — is the infrastructure of email intelligence that separates operators who understand exactly what is happening in their SMTP layer from those who know only that their delivery rate is "around 96%." The long-tail errors are not a footnote to the standard metrics; they are the specific language that ISPs use to communicate the exact nature of every delivery problem. Learning to read that language is the skill that transforms deliverability management from approximate to precise.
Practical Implementation: The SMTP Error Audit
For operators who have not previously analyzed their SMTP response code distribution, a one-time audit of the past 30 days of accounting log data provides the baseline from which to build ongoing monitoring. The audit query: for each unique combination of response code and response message prefix (the first 80 characters of the SMTP response text), count the occurrences over the past 30 days. Sort by count descending. Review the top 20 code-message combinations — these represent the most common SMTP interactions in the environment.
The audit typically reveals two to three response code patterns that have been generating significant volume without specific classification or investigation. A common finding: a 421 4.7.0 response from Gmail that has been classified as "deferred, retry later" for months, accounting for 2% of all Gmail attempts — which represents significant throttle pressure that the aggregate delivery rate was absorbing without triggering an alert. The audit makes this volume visible for the first time and prompts the configuration adjustment (reducing Gmail max-smtp-out) that eliminates it.
Another common audit finding: a 550 5.7.1 policy rejection from Yahoo that has been classified as a hard bounce and suppressing the recipient address, when the message text indicates it is a spam policy rejection rather than an invalid address rejection. The audit reveals how many addresses have been incorrectly suppressed over the past 30 days, and prompts the bounce classification rule correction that prevents future incorrect suppressions.
The SMTP response code audit is a 2-hour investment that typically produces 3-5 actionable findings — specific misclassifications to correct, specific throttle patterns to configure for, and specific ISP-specific patterns to add to the classification rule set. Repeated quarterly, it catches the new ISP patterns that emerge as ISPs update their response message formats and as new ISPs enter the sending programme's audience mix through list growth. The long-tail errors that operators overlook are not subtle or hard to find — they are simply not being looked at. The audit practice is what turns looking at them into a systematic habit.
The Reference Library: Essential SMTP Error Patterns
Building a reference library of the SMTP response patterns observed in production — keyed by code, ISP, and message text pattern — is the organisational knowledge management practice that makes consistent classification possible across an operations team and over time. New team members can consult the library to understand what a specific response code means without needing to research it from scratch. Experienced operators can update the library when new ISP response patterns appear. The library grows more valuable as it accumulates patterns, and it persists through team changes rather than existing only in individual operators' memory.
The library minimum fields: response code, ISP domain pattern (e.g. *@gmail.com), message text pattern (regex), classification type (hard-bounce, soft-bounce, policy-rejection, throttle, greylist, auth-failure), recommended action, and the date the pattern was first observed. This structure supports both the bounce processing classification rules (which use the code and message text pattern for matching) and the operational reference documentation (which provides the recommended action and classification rationale for each pattern).
Email infrastructure generates a consistent set of SMTP signals. Reading those signals fluently -- knowing what each code and message text combination means, why the ISP sends it, and what the correct operational response is -- is the professional competency that makes email infrastructure management effective at scale. The long-tail errors that operators overlook are not incidental edge cases; they are specific, consistent signals that ISPs use to communicate exactly what is happening with each delivery attempt. Understanding them transforms the accounting log from a record of what happened into a guide to what needs to happen next.
Every SMTP response code is a message. Most operators read only the loudest ones. Reading the quiet ones -- the 421 throttles, the 451 greylists, the 550 5.7.1 policy rejections -- is the skill that converts raw accounting log data into specific, actionable operational intelligence. Build the classification system, run the quarterly audit, and let the SMTP response distribution tell the complete story of what every ISP thinks of every send. The long tail is where the most specific and most actionable diagnostic information lives. Stop overlooking it.
The difference between a 96% delivery rate and a 99% delivery rate is often not a reputation problem or a list quality problem -- it is a collection of specific, correctable SMTP-layer issues that classification and attention would have resolved months earlier. The accounting log has always contained the answer. The long-tail audit makes it readable.
Infrastructure Assessment
Our managed infrastructure includes a production-grade SMTP response classification system with ISP-specific patterns for Gmail, Yahoo, Microsoft, and major EU ISPs — distinguishing between bounce types that require suppression and error conditions that require infrastructure investigation. Request assessment →