If emails you are sending from your hosting account are bouncing back, being blocked, or not arriving at their destination, this article will help you identify the cause and resolve it.
Step 1: Read the bounce message carefully
When an email is rejected, the mail system sends a bounce or non-delivery report (NDR) back to the sender. The most important part is the three-digit SMTP status code and the accompanying text.
| Error code | What it means |
|---|---|
| 550 5.7.1 [ESA] Sender blocked | The sending server’s IP has been added to a blocklist. Raise a support ticket and we will investigate. |
| 550 5.1.2 Sender Domain Not Found | The From address uses a domain with no DNS records. Check your domain is live and has an MX record. |
| 550 5.7.1 DMARC policy | Your email failed DMARC alignment. See the DMARC section below. |
| 554 Message not allowed | The receiving server (often Yahoo or AOL) has rejected the message for policy reasons, usually SPF or DKIM related. |
| 421 Too many connections | The receiving server is temporarily refusing connections. Try resending after a short wait. |
Step 2: Check your SPF, DKIM and DMARC records
The majority of rejected emails are caused by missing or misconfigured email authentication records. These DNS records tell receiving mail servers that your domain has authorised the sending server.
SPF (Sender Policy Framework)
SPF tells receiving servers which IP addresses are allowed to send email on behalf of your domain. To check yours:
- Log in to your control panel and open the DNS zone editor for your domain
- Look for a TXT record starting with
v=spf1 - If no SPF record exists, contact support for the correct value for your server
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to outgoing emails so receiving servers can verify the message has not been tampered with.
- cPanel hosting: enable DKIM under Email > Email Deliverability
- DirectAdmin hosting: manage DKIM under Email Manager > DKIM
- Cloud hosting: DKIM is configured within the mail settings for your account in the Cloud control panel
If DKIM is enabled in your control panel but emails are still failing DKIM checks, the DKIM DNS record may not be published in your active DNS zone. This happens when your domain’s nameservers are pointing to a third party rather than to our servers. You will need to add the DKIM TXT record manually in whichever DNS zone is currently active for your domain.
DMARC
DMARC is a policy record that tells receiving servers what to do when SPF or DKIM checks fail. If your emails are being rejected due to DMARC policy, the most common cause is sending from an address whose From domain does not match the domain used to sign the message with DKIM. This often happens when using a third-party sender (such as a CRM or newsletter tool) without setting up DKIM on that platform for your domain.
You may receive DMARC aggregate report emails from Google or Microsoft if your domain has a DMARC record with an rua reporting address set. These are informational, not errors. See our article on quarantine notification emails for more information.
Step 3: Check whether your sending IP is on a blocklist
If you are seeing a 550 Sender blocked error, your server’s IP address may have been added to an email reputation blocklist. This can happen if:
- A mailbox on your account sent a large volume of email in a short period
- An email account was compromised and used to send spam
- Your server’s reverse DNS (PTR record) is not correctly configured
Raise a support ticket with the full bounce message and we will investigate and, where appropriate, request removal from the blocklist.
Step 4: Check your sending limits
Shared hosting accounts have a limit on the number of emails that can be sent per day. If you have exceeded this limit, further sends will be queued or rejected until the following day. See our article on email sending limits for more information.
