Bobcares

Error “550 xxxx is not allowed to send mail from” – 3 Causes and Fixes

by | Oct 6, 2018

Bobcares.com provides Outsourced Hosting Support to Web hosts and other hosting providers.

And as part of our services, we resolve technical support queries posted by hosting users.

A common email bounce error we see in support requests is:

This is an SMTP server at mx.sender.com

Your message could not be delivered to the following address: <recipient@domain2.com>

from <sender@domain1.com>
to <recipient@domain2.com>
Connected to recipient-mx.com:yy.yy.yy.yy but sender was rejected. STARTTLS proto=TLSv1.2; cipher=DHE-RSA-AES256-SHA.
Remote host said: 550 5.1.0 xx.xx.xx.xx is not allowed to send from <domain1.com> per it's SPF Record. Please inspect your SPF settings, and try again.

This means that the mail failed an anti-spam check called SPF, and it was rejected by the recipient’s server.

 

What is the error “550 5.1.0 [ IP ] is not allowed to send from”?

Many mail servers use an anti-spam defense called SPF (Sender Policy Framework).

Using SPF, a receiving mail server checks whether an incoming mail was sent from an “authorized” mail server. To do this, it looks up a DNS record called the SPF record.

SPF records are set by default by many hosting providers, and contain the website’s IP address (A record) and the domain’s mail server IPs (MX records).

For example, here’s a typical SPF record:

$ dig +short txt bobcares.com 
"v=spf1 a mx ip4:20.235.161.202 -all"

This means that mail servers will check if a mail coming from <any-name>@bobcares.com originated from any of these:

  • 20.235.161.202
  • IP in A record
  • IP in MX record

If the mail originated from some other IP, it is considered forged mail and is discarded.

SPF errors might also be shown as:

SMTP error from remote server for RCPT TO command, host: recipient-mx.com (yy.yy.yy.yy) reason: 550 : SPF: xx.xx.xx.xx is not allowed to send mail from sender@domain1.com
sender@domain1.com: SMTP error from remote server for RCPT TO command, host: recipient-mx.com (yy.yy.yy.yy) reason: 550 xx.xx.xx.xx is not allowed to send mail from domain1.com

 

What are the causes of “[ IP ] is not allowed” error

SPF checks rely on the proper configuration and functioning of DNS.

We’ve seen a wide range of causes for SPF failures, including name server errors, domain expiration, DNS errors and more.

However, most support issues are caused by these 3 errors:

 

1. Wrong entry in MX or A records

SPF records can be a bit confusing.

We’ve seen VPS users and Shared hosting users set wrong entries, usually when they have recently switched servers.

Users forget to update the IP in SPF records, which causes mails from the new servers to be rejected.

Solution: We fix this issue by setting the right IP in SPF, and by including A and MX records in the list.

 

2. Missing SPF record for external MX

Many businesses use Google Apps and similar services to host their mail.

But if Google mail servers are not included in the SPF record, the mail will fail the SPF check.

Solution: This issue is fixed by including the external mail service IP or their domain name in the SPF record, like so:

v=spf1 a mx include:_spf.google.com -all

 

3. Name server downtime or syncing issues

Almost all hosting providers use multiple servers to serve DNS records.

DNS entries updated on one server automatically sync to all the others.

But there are cases where new SPF entries have failed to sync or the DNS servers were unreachable. This causes the SPF record lookup to fail, and the mail to bounce.

Solution: Name servers can fail for many reasons, such as network errors, config issues, authentication issues, etc. We analyze the events in the server log and fix the exact cause of the issue.
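
The SPF check described earlier and the three causes above can be reproduced offline. This is an added example, not Bobcares' code or a full SPF implementation: it handles only the a, mx, ip4, include and all mechanisms. The domain names, IP addresses and the `zone` dictionary standing in for DNS are constructed assumptions.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, zone, depth=0):
    """SPF verdict for sender `ip`; `zone` is {(name, rtype): [values]} standing in
    for DNS, and a missing key models an unreachable or unsynced name server."""
    if depth > 10:  # stop runaway include chains
        return "permerror"
    try:
        txt = [r for r in zone[(domain, "TXT")] if r.startswith("v=spf1")]
        if not txt:
            return "none"
        addr = ipaddress.ip_address(ip)
        for term in txt[0].split()[1:]:
            qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
            if mech == "all":
                hit = True
            elif mech.startswith("ip4:"):
                hit = addr in ipaddress.ip_network(mech[4:], strict=False)
            elif mech == "a":
                hit = ip in zone[(domain, "A")]
            elif mech == "mx":
                hit = any(ip in zone[(mx, "A")] for mx in zone[(domain, "MX")])
            elif mech.startswith("include:"):
                sub = check_spf(ip, mech[8:], zone, depth + 1)
                if sub in ("temperror", "permerror"):
                    return sub
                hit = sub == "pass"
            else:
                hit = False  # terms outside this sketch never match
            if hit:
                return QUALIFIERS[qual]
        return "neutral"  # no term matched and no "all" present
    except KeyError:
        return "temperror"

# Constructed zone data (documentation address ranges, not real records).
ZONE = {
    ("domain1.test", "TXT"): ["v=spf1 a mx ip4:192.0.2.10 -all"],
    ("domain1.test", "A"): ["192.0.2.10"],
    ("domain1.test", "MX"): ["mail.domain1.test"],
    ("mail.domain1.test", "A"): ["192.0.2.10"],
    ("_spf.provider.test", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
}

print(check_spf("192.0.2.10", "domain1.test", ZONE))  # old server, listed in SPF
print(check_spf("192.0.2.99", "domain1.test", ZONE))  # new server, SPF not updated
```

Removing the ("domain1.test", "TXT") key from ZONE models cause 3: the lookup fails and the function returns temperror instead of a policy verdict.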

 

Conclusion

“550 xxxx is not allowed to send mail from” is an email bounce error caused when the sender’s IP address does not match the IPs in SPF records. Here we’ve discussed 3 causes for this error, and how we fix them.

 


4 Comments

  1. Dieter

    I think I found something useful. I have a couple of email domains on my mailserver. I wanted to secure the DNS entries and was wondering how the correct syntax is for the “include:_spf.google.com”. If I replace it with my domain of the mail server which is sitting on a different domain, would it work? Or do I need to create a “_spf” TXT record over there? Is the “_spf” looking for an SPF record?

    • Sijin George

      Hello Dieter,
      Our Expert Engineers can help you with custom SPF settings. We’ll be happy to talk to you on chat (click on the icon at right-bottom).

  2. Charlie Arehart

    This is a helpful post. Thanks. Can you add a clarification, though? If one needs to add some other server in addition to what is already there? Can we add multiple IPs? Multiple includes? Or must each be a new record?

    To be clear, I’m not a customer, and I will keep looking for that answer, and may find it before you offer it. But as your post comes up first in a search on this error, your clarification here could help many readers. 🙂

    • Sijin George

      Hello Charlie,
      Thank you for your feedback. It is indeed possible to have multiple IPs in the SPF record of a domain. Let us know if you need help in setting an SPF record.
