Error Code explanator
Mail delivery error codes
This page explains the public error codes that may appear in SMTP rejection messages or bounce reports from our mail system.
The code is the most important part of the error. Please include it when opening a support ticket.
What the code means
| Code family | Meaning |
|---|---|
0xAF.... |
Authentication-related rejection. The mail client logged in, or tried to log in, but the action was not allowed. |
0xFF.... |
Delivery was rejected because the connection, sender, recipient, message structure, or message reputation failed a security check. The sending IP may also be blocked. |
0xEE.... |
Internal spam-scoring reference. This is usually not shown to end users, but include it if it appears in logs or a bounce. |
0xCC.... |
Informational tracking code. This is not normally an error. |
A single message may trigger more than one internal rule. The final visible code is the one support needs first.
Before opening a ticket
Please check the common causes first:
- Make sure your mail client uses TLS/SSL for sending mail.
- Make sure the username and password are correct.
- Make sure the
Fromaddress matches the mailbox or alias you are allowed to send from. - If you operate a mail server, check that DNS, SPF, DKIM, DMARC, reverse DNS, and HELO/EHLO identity are configured correctly.
- Check that the message has normal headers such as
From,To,Date, andMessage-ID. - Remove suspicious attachments or resend without attachments for testing.
What to include in a support ticket
Please include:
- the full error code, for example
0xFF1331; - the complete bounce text or SMTP error message;
- sender address;
- recipient address;
- date and time, including timezone;
- sending IP address, if known;
- whether the sender was using a mail client login or sending from another mail server;
- message headers, if available;
- whether this is a one-time issue or affects all mail from that sender.
Do not send passwords in tickets.
Authentication and login-related errors
0xAF1001 / 0xFF1001 — Sending without TLS/SSL
The mail client attempted to authenticate without a secure TLS/SSL connection.
What to do: Enable SSL/TLS in the outgoing mail server settings. Use the secure submission settings provided by the service administrator.
0xFF1002 — Too many failed login attempts
There were too many failed authentication attempts from the same network source.
What to do: Check the username, password, and saved mail-client settings. If several devices use the same account, check all of them. Open a ticket if the IP remains blocked after correcting the settings.
0xFF1003 — Insecure authentication attempt detected
The server observed an authentication attempt without the required secure connection.
What to do: Check the outgoing server security settings and make sure TLS/SSL is enabled.
0xAF1201 / 0xFF1201 — Authenticated sending requires encryption
The account attempted to send mail while authenticated, but the sending connection was not encrypted.
What to do: Enable TLS/SSL for outgoing mail.
0xAF1313 / 0xFF1313 — Too many recipients while authenticated
An authenticated sender attempted to send to an unusually large number of recipients in one transaction.
What to do: Split the message into smaller recipient groups or use an approved mailing-list system.
0xAF1320 / 0xFF1320 — Sender domain is not allowed for this account
The authenticated account attempted to send mail using a sender domain it is not allowed to use.
What to do: Use the correct mailbox address or contact support to configure an authorized alias.
0xAF1321 / 0xFF1321 — Sender address is not allowed for this account
The authenticated account attempted to use a different sender address without authorization.
What to do: Use the account’s own address or request permission for the alias.
0xAF1322 / 0xFF1322 — Sender alias is not authorized
The authenticated account attempted to use a sender alias that is not on the approved sender list.
What to do: Ask support to add the alias if it is legitimate.
0xAF1520 / 0xFF1520 — Message From domain is not allowed
The message header From domain does not match the domain allowed for the authenticated account.
What to do: Check the From address configured in the mail client or application.
0xAF1521 / 0xFF1521 — Message From address is not allowed
The authenticated account attempted to send a message with a From address it is not allowed to use.
What to do: Use the correct mailbox address or request authorization for the alias.
0xAF1522 / 0xFF1522 — Message From alias is not authorized
The message header From address is not on the approved list for this authenticated account.
What to do: Ask support to add the alias if it is legitimate.
Connection and server-identity errors
0xFF1101 — Suspicious HELO/EHLO name
The sending server identified itself with a name that is commonly invalid or misleading.
What to do: If you run the sending server, check its hostname and HELO/EHLO configuration.
0xFF1102 — HELO/EHLO matches our server name
The sending server claimed to be our mail server.
What to do: If this is a legitimate server, correct its HELO/EHLO hostname.
0xFF1103 — HELO/EHLO uses one of our local domains
The sending server used a local domain name that it should not claim as its own.
What to do: Correct the sending server hostname.
0xFF1104 — HELO/EHLO uses a local IP address
The sending server identified itself using an address reserved for our infrastructure.
What to do: Correct the sending server HELO/EHLO identity.
0xFF1105 — Missing HELO/EHLO greeting
The sending server did not provide a normal HELO/EHLO greeting.
What to do: Check the sending mail server software and SMTP configuration.
0xFF1106 — HELO/EHLO uses a bare IP address
The sending server used an IP address instead of a proper hostname.
What to do: Configure a valid hostname for the sending server.
0xFF1107 — HELO/EHLO uses an IP-literal format
The sending server used an IP-style HELO/EHLO name. This is often accepted only in limited cases.
What to do: Configure a proper hostname and matching DNS.
0xFF1203 — TLS SNI problem
The secure connection contained an invalid or suspicious TLS server-name value.
What to do: Check the mail client, proxy, or sending application TLS configuration.
0xFF1204 — TLS peer identity problem
The secure connection contained an invalid or suspicious peer identity value.
What to do: Check the TLS certificate and sending application configuration.
Sender, recipient, and relay errors
0xFF1205 — Sender verification problem
The envelope sender could not be verified or appeared invalid.
What to do: Check that the sender domain exists and has valid DNS/mail records.
0xFF1302 — Sender or domain is blocked
The sender or sender domain is on a block list.
What to do: Open a ticket if you believe the block is incorrect.
0xFF1303 — Invalid recipient address characters
The recipient address contains characters or formatting that are not accepted.
What to do: Check the recipient address for typos or unusual characters.
0xFF1304 — Invalid recipient local part
The recipient mailbox name has invalid formatting.
What to do: Check the recipient address.
0xFF1305 — Invalid bounce message
A bounce-style message was rejected because it did not match expected validation.
What to do: If you operate the sending system, check bounce handling and envelope sender behavior.
0xFF1306 — Bounce validation failed
A bounce-style message failed validation.
What to do: Check the sending system’s bounce handling.
0xFF1307 — Too many recipients for this sender type
A bounce or postmaster-style sender attempted to deliver to too many recipients.
What to do: Check the sending system for misconfigured bounce generation.
0xFF1308 — Missing reverse DNS
The sending IP address does not have suitable reverse DNS.
What to do: Ask the sending server operator or hosting provider to configure reverse DNS/PTR records.
0xFF1309 — Missing reverse DNS for sensitive recipient
A message to a sensitive mailbox such as abuse or postmaster came from a host without suitable reverse DNS.
What to do: Configure reverse DNS for the sending IP address.
0xFF1311 — Abuse/postmaster address must use the canonical domain
The message was sent to an abuse or postmaster address on a non-canonical local domain.
What to do: Send the message to the canonical abuse or postmaster address shown in the rejection text.
0xFF1312 — Recipient domain is blocked
The target domain is blocked by local policy.
What to do: Open a ticket if you believe the block is incorrect.
0xFF1330 — Relay not permitted
The sender attempted to send through our server without permission.
What to do: If you are a user, enable SMTP authentication in your mail client. If you operate another server, deliver directly to the recipient domain instead of relaying.
0xFF1331 — Sender authentication/reputation problem
The sending domain’s SPF result or sender authentication status contributed to rejection.
What to do: Check the sending domain’s SPF record and make sure the sending server is authorized to send for that domain.
0xFF1332 — Delayed bounce rejected
A bounce-style message was rejected because it appeared to target a nonlocal or invalid destination.
What to do: Check the sending system’s bounce generation and routing.
Attachment errors
0xFF1401 — Attachment type is not permitted
The message contains an attachment type that is not allowed by policy.
What to do: Remove the attachment, compress it into an approved format if allowed, or send it through an approved file-sharing method.
Message header and content errors
0xFF1501 — Multiple From headers
The message contains more than one From header.
What to do: Check the sending application. A normal email should have only one From header.
0xFF1502 — Multiple Subject headers
The message contains more than one Subject header.
What to do: Check the sending application or script.
0xFF1503 — Multiple To headers
The message contains more than one To header.
What to do: Check the sending application or script.
0xFF1504 — Message authentication failed
The message failed authentication checks that are commonly used to detect forged mail.
What to do: Check DKIM/ARC signing and forwarding behavior on the sending system.
0xFF1505 — Forged local sender header
The message used a local-looking sender header that is not allowed from external mail.
What to do: Correct the From header. If this is a legitimate internal application, send it through authenticated submission.
0xFF1506 — Malware detected
The message was rejected because malware was detected.
What to do: Do not resend the same file. Scan the system that produced the message and contact support if you believe this is a false positive.
0xFF1507 — Header syntax problem
The message headers are malformed.
What to do: Check the sending application or mail server.
0xFF1508 — Suspicious undisclosed-recipient message
The message used undisclosed-recipient formatting in a context that is restricted.
What to do: Use a clear recipient address or an approved mailing-list tool.
0xFF1509 — DMARC quarantine-related rejection
The sender domain’s DMARC policy or authentication result contributed to rejection.
What to do: Check SPF, DKIM, and DMARC alignment for the sending domain.
0xFF1510 — DMARC reject policy failed
The message failed the sender domain’s DMARC policy.
What to do: The domain owner or mail administrator must fix SPF/DKIM alignment or sending authorization.
0xFF1511 — Invalid From header address
The message has a From header, but it does not contain a valid address.
What to do: Fix the sender address in the sending application or mail client.
0xFF1512 — Invalid Reply-To header address
The message has a Reply-To header, but it does not contain a valid address.
What to do: Fix the reply-to address in the sending application or mail client.
0xFF1513 — Invalid Sender header address
The message has a Sender header, but it does not contain a valid address.
What to do: Fix the sending application or mail server configuration.
0xFF1514 — Suspicious Message-ID
The message used a Message-ID pattern that appears forged or invalid for external mail.
What to do: Check the sending application and make sure it generates proper Message-ID headers.
0xFF1530 — Restricted subject encoding for sensitive recipient
The message used restricted subject encoding when sending to a sensitive mailbox such as abuse or postmaster.
What to do: Send the message in plain English text if possible, or open a ticket with the original message attached.
0xFF1531 — Blind bounce rejected
A bounce-style message was rejected because it appeared unsafe or incomplete.
What to do: Check the sending system’s bounce handling.
0xFF1532 — Unsigned bounce rejected
A bounce-style message was rejected because it did not contain expected validation.
What to do: Check the sending system’s bounce handling.
0xFF1540 — Sender domain mismatch
The envelope sender domain and visible From header domain did not match closely enough.
What to do: Check the sending service, forwarding path, and sender-domain configuration.
0xFF1541 — Missing standard message headers
The message is missing normal headers such as Message-ID or Date.
What to do: Check the sending application or script.
0xFF1542 — Possible brand or identity impersonation
The message appears to reference a protected local identity in a way that may be misleading.
What to do: If this is legitimate, open a ticket with the full message headers.
0xFF1543 — Sending path reputation problem
One or more public IPs in the message path had a poor reputation or appeared on a block list.
What to do: The sending mail administrator should check public reputation listings and the sending path.
0xFF1544 — Recipient not visible in To/Cc
The local recipient was not visible in the To or Cc headers. This can be normal for BCC, mailing lists, and notification mail, but it may contribute to rejection together with other signals.
What to do: If this is legitimate mail, open a ticket with the full headers and mention whether it was BCC, list mail, or automated notification mail.
0xFF1545 — Missing DMARC record
The sender domain does not appear to publish a DMARC policy, or the policy could not be evaluated.
What to do: The domain owner should publish a valid DMARC record.
0xFF1546 — Suspicious mail client or generator
The message appears to have been generated by old, suspicious, or unusual mail software.
What to do: Update the sending mail client or application and resend.
DKIM-related errors
0xFF2001 — Invalid DKIM signature
The message contained a DKIM signature, but it was invalid.
What to do: The sending domain administrator should check DKIM signing, DNS records, and any system that modifies messages after signing.
0xFF2003 — DKIM failed without trusted forwarding protection
The message failed DKIM and did not have enough trusted forwarding information to compensate.
What to do: Check DKIM signing and forwarding systems.
0xFF2004 — Missing DKIM signature
The message did not contain a DKIM signature. This is not always an error by itself, but it may contribute to rejection together with other signals.
What to do: The sending domain administrator should enable DKIM signing.
If you believe a rejection is wrong
Open a support ticket and include the details listed above. If the rejection involves another mail provider, ask that provider or sender to include the SMTP response and full message headers.
We cannot remove security checks based only on a screenshot. The full code, sender, recipient, time, and message headers are needed to investigate safely.