SMTP

SMTP Error 553

SMTP Error 553 means "mailbox name not allowed" (RFC 5321). Learn the two real causes — bad address syntax vs. sender/relay rejection — and how to fix each.

Updated Jul 1, 2026

The short answer

SMTP 553 is a permanent (5xx) reply defined in RFC 5321 as "Requested action not taken: mailbox name not allowed," returned when the server rejects the address in MAIL FROM or RCPT TO. In practice it means either the address is syntactically invalid, or the server won't let you send from/relay through it. Fix it by correcting the address syntax and authenticating with a sender address you're allowed to use.

SMTP reply 553 is a permanent negative completion reply. RFC 5321 §4.2.3 defines it as:

553 Requested action not taken: mailbox name not allowed (e.g., mailbox syntax incorrect)

It is returned in response to a MAIL FROM: or RCPT TO: command. The receiving (or your outbound) server is telling you it will not accept the address you supplied. Because it is a 5xx code, it is a hard failure — retrying the same message unchanged will not help.

What causes SMTP Error 553?

There are two distinct root causes, and the wording after 553 tells you which one you hit:

1. The mailbox/address is syntactically invalid (the literal RFC meaning). The address in MAIL FROM or RCPT TO is malformed: a missing or extra @, a missing top-level domain, illegal or hidden characters (zero-width or non-breaking spaces pasted from a CRM), or a display-name string passed where a bare address belongs. The SMTP envelope expects the bare address user@example.com — passing "John Doe" <user@example.com> into RCPT TO can trip this.

2. The sender address or relay is not permitted (the most common real-world case). Here the address is well-formed, but the server refuses to send from or relay through it. Typical wordings:

  • 553 Sender address rejected: not owned by user — Postfix reject_sender_login_mismatch: you authenticated as one account but set MAIL FROM to an address that account doesn't own.
  • 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) — you tried to relay to an external domain without authenticating. This exact string is documented in Microsoft's guidance on 550/553/relay-prohibited errors. Note: some servers phrase the same underlying cause (unauthenticated relay) as 550 ... Relaying Denied instead — same root cause, different code.
  • 553 5.1.8 ... MAIL-FROM domain does not exist in DNS — the envelope-from domain has no resolvable A/AAAA/MX record.

Note: some senders see 553 codes carrying enhanced status codes (RFC 3463) like 5.1.x (addressing) or 5.7.1 (policy). The enhanced code is the most precise diagnostic — read it before acting.

How do I fix SMTP Error 553?

Work the cause that matches your error text:

If the address is malformed (syntax):

  1. Validate the exact RCPT TO / MAIL FROM value — not the display name. Confirm one @, a real TLD, and no leading/trailing whitespace.
  2. Strip hidden characters. Re-type the address by hand rather than pasting; addresses copied from spreadsheets or rich-text fields often carry zero-width or non-breaking spaces.
  3. Pass only the bare address into the envelope. Keep "John Doe" <…> formatting in the To: header, never in the SMTP command.

If the sender/relay is rejected:

  1. Authenticate. Configure SMTP AUTH with valid credentials. For Gmail/Google Workspace, use an App Password (requires 2-Step Verification) or OAuth2. Google has phased out password-only "Less Secure Apps" access — personal accounts since May 2022, and Google Workspace fully by May 2025 — so that toggle no longer exists on either. Use port 587 (STARTTLS) or 465 (implicit TLS); both are valid per RFC 8314.
  2. Match the From to an address you own. Set MAIL FROM (and the visible From:) to an address the authenticated account is authorized to send as. With Postfix smtpd_sender_login_maps, the login must be permitted for that sender.
  3. Verify envelope-from DNS if you see 5.1.8 — ensure the MAIL-FROM domain resolves (A/AAAA or MX).
  4. Authenticate your domain (SPF, DKIM, DMARC) so downstream servers accept the sender.

With Courier

When Courier sends email through your configured SMTP/ESP provider, a 553 surfaces in the message logs as a provider-side rejection. Resolve it in the provider, not in Courier: confirm the API/SMTP credentials authenticate, the configured From/sender domain is verified and owned, and any test recipient address is well-formed. Once the provider accepts the sender, re-send.

FAQ

Common questions

No. Both are permanent 5xx failures, but 550 generally means the mailbox is unavailable or the message was rejected by policy, while 553 specifically means the mailbox name/address was not allowed — usually invalid syntax (RFC 5321 §4.2.3) or a sender/relay that isn't permitted.

One API, every provider

Stop debugging raw provider errors

Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.

Reply-code definitions per RFC 5321 §4.2.3. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.