SMTP Error 554

SMTP 554 permanently rejects a message. The real cause is in the enhanced code — fix auth, SPF/DKIM/DMARC, reputation, or the recipient address it names.

Updated Jul 1, 2026

The short answer

SMTP error 554 is a permanent rejection (RFC 5321 "Transaction failed") meaning the receiving server refused the message outright and will not retry. It is the most generic 5xx code, so the real reason lives in the enhanced status code and text after it (e.g. 5.7.1 relay/policy denied, content or reputation blocks). Read that suffix, then fix authentication, reputation, or the recipient address it names.

SMTP reply code 554 is defined in RFC 5321 §4.2.3 as "Transaction failed" (or, when returned in place of the 220 greeting on connection, "No SMTP service here"). Because the first digit is 5, it is a Permanent Negative Completion reply — the receiving server has rejected the message for a reason it considers permanent, so a well-behaved sender should not retry the same message unchanged.

554 is the least specific of the permanent codes. Unlike 550 ("mailbox unavailable") or 552 ("storage exceeded"), 554 is the server's catch-all "I refuse this transaction." That means the actionable information is almost never in the number 554 itself — it is in the enhanced status code (RFC 3463, e.g. 5.7.1) and the free-text message that follow it.

What causes SMTP error 554?

The 554 line you received falls into one of a few distinct buckets. Identify yours from the text after the code:

  • 554 5.7.1 ... relay access denied / not permitted — relay/authorization refusal. The server will not relay mail for you. Per RFC 5321 this is the classic "you are not an authorized sender for this hop." Usually SMTP AUTH is off or wrong, or you're sending to a domain the server doesn't accept (e.g. an Exchange host whose Accepted Domains list doesn't include the recipient).
  • 554 5.7.1 / 5.7.0 ... blocked, policy, spam, or reputation. The message passed auth but the receiver's content/anti-spam/policy layer rejected it. Sender IP or domain reputation, blocklisting, failing DMARC alignment, or spammy content are typical triggers.
  • 554 5.7.1 after DATA with "no valid recipients." RFC 5321 lets a server answer DATA with 554 when every RCPT TO was already rejected — i.e. the recipient address was bad or refused.
  • 554 5.3.4 Message too big for system — size limit. The message exceeds the receiver's maximum.
  • 554 with no enhanced code ("Mail refused"). Providers like SendGrid return a bare 554 Mail refused as a generic permanent failure; treat it as a bounce and suppress that recipient.

How do I fix SMTP error 554?

1. Read the full response line first. Capture everything after 554 — the enhanced code and text are the diagnosis. Steps below map to the buckets above.

2. If it says relay access denied / not authorized: turn on SMTP authentication in your client or app and send valid credentials over a submission port — 587 (STARTTLS) or 465 (implicit TLS); both are valid per RFC 8314. For Gmail / Google Workspace, use an App Password (with 2-Step Verification) or OAuth2 — Google removed "Less Secure Apps," so basic password auth will not work. If you run your own server, confirm the recipient domain is in its accepted/relay domains.

3. If it's a policy / reputation / spam block: authenticate your domain end-to-end — publish a valid SPF record, sign with DKIM (RFC 6376, using SHA-256 per RFC 8301 — avoid the deprecated rsa-sha1), and ensure DMARC passes with alignment (RFC 9989, which obsoletes the older RFC 7489). Check your sending IP/domain against blocklists with MXToolBox and request delisting where warranted. Warm up new IPs, prune unengaged recipients, and review content for spam triggers.

4. If it names a bad/invalid recipient: verify the address for typos and remove dead addresses; never re-send to an address that returned a permanent 554.

5. If it's 5.3.4 too big: reduce attachment/message size or host large files behind a link.

6. Don't auto-retry. 554 is permanent. Fix the underlying cause, suppress the address, and only re-send after the root cause is resolved.

With Courier

When you send email through Courier, a downstream provider (SendGrid, Amazon SES, Mailgun, etc.) performs the SMTP delivery. A 554 surfaces on the message's delivery status / webhook with the provider's full reason string. Open the message in Logs, read the provider's verbatim 554 text to identify the bucket above, then fix authentication or domain reputation at the provider — for relay/auth-style 554s, confirm your sending domain is verified and authenticated in that provider's dashboard.

References

Authoritative sources

RFC

RFC 5321 - Simple Mail Transfer Protocol (reply codes, §4.2.1 / §4.2.3)

RFC

RFC 3463 - Enhanced Mail System Status Codes

RFC

RFC 8314 - TLS for Email Submission and Access (ports 465/587)

DOCS

SendGrid (Twilio) - SMTP Errors and Troubleshooting (554 Mail refused)

WIKI

List of SMTP server return codes - Wikipedia

RFC

RFC 7208 - Sender Policy Framework (SPF)

RFC

RFC 6376 - DomainKeys Identified Mail (DKIM)

RFC

RFC 8301 - Cryptographic Algorithm and Key Usage Update to DKIM

RFC

RFC 9989 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)

FAQ

Common questions

Permanent. The leading 5 makes it a Permanent Negative Completion reply under RFC 5321, so the server will not retry. Resend only after fixing the underlying cause (auth, reputation, address, or size); never auto-retry the same message.

Both are permanent 5xx rejections, but 550 specifically means the recipient mailbox is unavailable (not found, no access, or policy-rejected), while 554 is the generic 'Transaction failed' catch-all. With 554 you must read the enhanced status code and text to learn the real reason.

The receiving server refused to relay your message because it does not recognize you as an authorized sender. Enable SMTP authentication with valid credentials on port 587 or 465, and ensure the recipient domain is accepted by that server.

Keep going

Related SMTP errors

550

SMTP Error 550

553

SMTP Error 553

541

SMTP Error 541

SMTP error: data not accepted

SMTP error from the remote mail server after end of data

View all errors →

One API, every provider

Stop debugging raw provider errors

Courier connects to your email, SMS, and push providers, handles retries and failover, and surfaces delivery errors in plain language.

Start building freeRead the docs

Reply-code definitions per RFC 5321 §4.2.3. Last reviewed Jul 1, 2026. Courier is not affiliated with third-party providers; error behavior may vary by implementation.

Multichannel Notifications Platform for SaaS

Products

Platform

Integrations

Customers

Blog

API Status

Subprocessors

© 2026 Courier. All rights reserved.