SMTP

SMTP Error 502

SMTP Error 502 means the server understood the command but doesn't implement it (RFC 5321). Learn the real causes — disabled VRFY/EXPN/AUTH — and how to fix it.

Updated Jul 1, 2026

The short answer

SMTP 502 is a permanent reply code meaning "Command not implemented" (RFC 5321 §4.2.4): the server recognized the command but does not support or has disabled it. It commonly hits VRFY, EXPN, ETRN, HELP, or AUTH that an admin turned off. Fix it by removing or replacing the unsupported command in your client/script, or use a relay that implements it.

SMTP Error 502 is a permanent negative reply defined in RFC 5321 §4.2.4 with the text "Command not implemented." The leading 5 makes it permanent (retrying the same command will fail again), and the middle 0 places it in the syntax/unimplemented-command group. In practice it means: the server parsed your command fine, it just doesn't offer that command — either it was never implemented, or an administrator disabled it.

You'll often see it with an enhanced status code, e.g. 502 5.5.1 Command not implemented. In RFC 3463 the leading 5 is the "Permanent Failure" class and the .5. subject is "Mail Delivery Protocol Status"; detail code 5.5.1 ("Invalid command") is the natural pairing for a 502, since the command is recognized but unsupported.

What causes SMTP Error 502?

  • A disabled diagnostic command. VRFY (verify address) and EXPN (expand mailing list) are very commonly turned off to prevent address harvesting. RFC 5321 §3.5.3 explicitly says a server that won't do the work "SHOULD" answer with 502. HELP and ETRN are also frequently disabled.
  • An unsupported AUTH mechanism (or AUTH not enabled at all). If your client issues AUTH LOGIN/AUTH PLAIN and the relay never advertised AUTH in its EHLO response (or only supports a different mechanism such as XOAUTH2), you can get a 502.
  • A relay that intentionally implements only a minimal command set. Hosted relays (Amazon SES, SendGrid, Mailgun, etc.) accept the commands needed to submit mail and reject extras.
  • A library or script using an old/uncommon command the modern server no longer implements.

A subtle distinction: 502 is not "out of order." If you send RCPT TO before MAIL FROM, the server returns 503 Bad sequence of commands (RFC 5321 §3.3), not 502. And if the command itself is malformed or unknown, you get 500 Syntax error, command unrecognized. 502 specifically means "valid, known command — but I don't do that one." Note the original "valid but not yet activated" phrasing is imprecise: the command does not have to be temporarily inactive; it may simply never be supported.

How do I fix SMTP Error 502?

  1. Read the full response line and your SMTP log. It names the command that was refused (e.g. 502 5.5.1 VRFY command is disabled). That command is the whole problem.
  2. Reproduce the dialogue manually. Connect with openssl s_client -starttls smtp -connect smtp.example.com:587 (or -connect host:465 for implicit TLS) and issue EHLO yourdomain.com. The 250- lines list exactly which extensions/commands the server advertises — if your command isn't there, it isn't implemented.
  3. Remove or replace the unsupported command.
  4. For VRFY/EXPN: stop calling them. They are optional and routinely disabled; don't rely on them to validate recipients.
  5. For AUTH: use a mechanism the server advertised. For Gmail/Google Workspace that means an App Password (with 2-Step Verification) or OAuth2/XOAUTH2. Google removed "Less Secure Apps" for personal Gmail accounts in 2022; Google Workspace phased out the same password-based access on a later timeline, fully ending by May 2025. Ports 587 (STARTTLS) and 465 (implicit TLS) are both valid.
  6. Update an old SMTP library/client if it emits a legacy command.
  7. If you control the server, enable the command in your MTA config (e.g. Postfix disable_vrfy_command = no) — but leave VRFY/EXPN disabled if they were off for anti-harvesting reasons.
  8. If using a managed relay, confirm the feature is supported on your plan; contact the provider's support if a documented command returns 502.

With Courier

If you send through Courier's Email channel, Courier manages the SMTP conversation with your configured provider, so application code never issues raw VRFY/EXPN/AUTH commands. A 502 surfaced in provider logs points at the upstream provider's configuration or credentials — fix it there, then resend.

FAQ

Common questions

Permanent. The leading 5 marks it as a permanent negative completion reply per RFC 5321 §4.2.4, so resending the same command will fail again. You must change or remove the command rather than retry.

One API, every provider

Stop debugging raw provider errors

Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.

Reply-code definitions per RFC 5321 §4.2.4. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.