What is the difference between a hard bounce and a soft bounce?

A hard bounce is a permanent failure returned by the receiving server with a 5xx SMTP code — the address does not exist, the domain has no MX, or the recipient is blocked. A soft bounce is a temporary failure with a 4xx code: full mailbox, throttling, greylisting, or a transient DNS issue. Hard bounces should be suppressed immediately. Soft bounces should be retried with backoff and only suppressed after repeated failure over several days.

How many soft bounces should I tolerate before suppressing an address?

A common policy is to suppress after 4 to 7 consecutive soft bounces across at least 72 hours, or after a single 4xx response that has persisted for more than five days. The exact threshold depends on volume and the specific 4xx code: a persistent 421-4.7.0 from Gmail is a reputation signal, not a mailbox problem, and should not auto-suppress the recipient — it should pause the campaign.

Why does a 5.7.1 bounce happen even when the address is real?

5.7.1 is a policy rejection, not an address rejection. The recipient exists, but the receiving server refused the message for authentication, content, or reputation reasons. Common triggers include missing or failing DMARC alignment, a blocked sending IP, a blacklisted From domain, or content that matches a spam filter rule. Do not suppress the recipient — fix the sender-side issue.

What does 550-5.7.26 from Gmail mean?

5.7.26 means Gmail rejected the message because it did not pass either SPF or DKIM alignment with the From domain. As of Gmail's 2024 bulk sender enforcement, unaligned mail from senders over 5,000 messages per day is blocked outright. Fix it by ensuring your From domain aligns with either an authenticated SPF return-path or a DKIM signing domain.

Should I retry a 421-4.7.0 response?

421-4.7.0 is Gmail's rate-limit and reputation throttle. The connection was deferred, not refused. Standard MTA behaviour is to retry with exponential backoff over 24 to 72 hours. But if you see 421-4.7.0 climbing across a campaign, treat it as a reputation warning: pause sending, audit complaint rate, and review the most recent list segments before continuing.

How do invalid addresses damage domain reputation?

Mailbox providers track the ratio of attempts that hit non-existent addresses (the unknown-user rate). A rate above roughly 2 to 5 percent signals list-buying, scraping, or a stale list — all reputation-degrading patterns. Spam traps inside those invalid sets cause the worst damage: a single pristine trap hit can move a domain from green to yellow at Outlook within a day.

Is a bounce the same thing as a complaint?

No. A bounce is a server-side rejection; a complaint is the recipient pressing 'mark as spam' after delivery. They are reported through different channels (SMTP reply vs. feedback loop) and have different remediation paths. A high complaint rate is more damaging to reputation than a high bounce rate, but a high bounce rate often predicts a coming complaint spike.

What is an asynchronous bounce?

An asynchronous (or out-of-band) bounce is a Delivery Status Notification sent back after the original SMTP transaction already returned 250 OK. The receiving server accepted the message, then later decided it could not deliver it — often because of post-acceptance content scanning or a downstream forwarder rejection. Async bounces are harder to attribute to a specific send but should be parsed and acted on the same way.

Academy · OperationsRead in 11 min

Hard Bounce vs Soft Bounce: SMTP Codes Explained

Read SMTP reply codes like a deliverability engineer. What 4xx vs 5xx really mean, which codes to suppress on, and how invalid addresses erode domain reputation.

Afsan RahmatullahMailerMonk

Published May 13, 2026

#bounces
#operations
#smtp
#suppression

Every deliverability incident eventually surfaces in the bounce log. A campaign that looked healthy at send time starts returning a wave of rejections an hour later, and the operator has minutes to decide whether the problem is a bad list, a reputation hit, a content trigger, or an authentication regression. Reading SMTP reply codes accurately is the difference between a five-minute fix and a week-long warm-up to recover a domain.

The mental model: permanent vs temporary, mailbox vs policy

Every SMTP reply is two things at once: a class (permanent or temporary) and a reason (mailbox-level or policy-level). The class is encoded in the first digit — 4 for temporary, 5 for permanent — and the reason sits inside the enhanced status code (the dotted triplet like 5.7.1). Treat the two dimensions independently. A 4xx mailbox-full bounce and a 4xx reputation throttle look similar at a glance but require opposite responses: the first is a per-recipient retry, the second is a campaign-level pause.

The enhanced status codes are defined in RFC 3463. The first digit of the triplet mirrors the SMTP class. The second digit narrows the category: 1 is addressing, 2 is mailbox, 3 is mail-system, 4 is network, 5 is protocol, 6 is content, 7 is policy and security. The third digit is the specific reason. A code of 5.7.1 therefore reads as "permanent, policy, generic rejection" — almost always a sender-side problem rather than a recipient-side one.

Reading the signals: a lookup table for common codes

The table below covers the codes that account for the large majority of bounces seen at Gmail, Outlook, Yahoo, and most enterprise mail servers. Wording varies by provider, but the action column generalises.

Code	Meaning	Action
421 4.7.0	Temporary reputation or rate-limit throttle (Gmail, Yahoo)	Retry with backoff; if persistent, pause and audit reputation
421 4.4.5	System-side congestion at the receiver	Retry; no sender action required
451 4.7.1	Greylisted or temporary policy deferral	Retry after 5 to 15 minutes; typical for cold senders
452 4.2.2	Mailbox over quota	Retry for several days; suppress only after persistent failure
550 5.1.1	Recipient address does not exist (unknown user)	Suppress immediately; counts toward unknown-user rate
550 5.1.10	Recipient address rejected (Outlook variant)	Suppress; verify list source
550 5.2.1	Mailbox disabled or inactive	Suppress; classic abandoned-account signal
550 5.7.1	Policy rejection (authentication, IP block, content)	Investigate sender-side; do not suppress recipient
550 5.7.26	Gmail: failed SPF or DKIM alignment with From domain	Fix authentication alignment; do not suppress
553 5.1.8	Sender address rejected (often invalid Return-Path)	Fix Return-Path or bounce domain
554 5.7.1	Transaction failed, generic policy block	Check blocklist status and content; investigate IP and domain
554 5.7.9	Message refused: authentication required	Authenticate properly; check DMARC alignment

Two provider quirks are worth memorising. Gmail returns 421-4.7.0 with a URL to its postmaster docs when it is throttling on reputation; the URL fragment in the response often hints at whether the cause is bulk compliance, spam content, or unauthenticated mail. Outlook returns 550-5.7.1 with a token like S3140 or S3150 — the token is the actual diagnostic, not the prose. Build your bounce parser to extract those provider-specific tokens, not just the triplet.

Invalid addresses: the slow reputation killer

A 5.1.1 unknown-user response on a single message is harmless. A 5.1.1 rate above 2 percent on a campaign is a domain-reputation event. Gmail and Outlook both maintain a rolling view of how often a sender hits non-existent addresses; the rate is treated as a proxy for list quality and acquisition hygiene. Sustained unknown-user rates predict spam-trap hits, and trap hits cause direct reputation drops that take weeks to recover from. The list hygiene lesson covers the acquisition and validation patterns that prevent this; the operational rule is simpler: suppress hard bounces on first occurrence, and never re-attempt a suppressed address without a verification step.

Action playbook

When hard bounces spike on a single campaign

Confirm the spike is real by checking the bounce timestamp distribution. A flat curve across the campaign is a list-quality problem; a sharp post-send cliff is often a downstream filter.
Group bounces by enhanced status code. If 5.1.1 dominates, the segment is stale or poorly acquired. If 5.7.x dominates, it is a policy issue and the recipients are real.
Pull the segment definition and check the last engagement date for the bouncing cohort. Segments that include addresses inactive for more than 12 months are the usual culprit.

When soft bounces dominate

Separate 4.2.2 mailbox-full from 4.7.x policy deferrals. The first group is recipient state and resolves itself; the second is a reputation conversation.
For 4.7.0 from Gmail at scale, pause the IP or domain immediately, check the Postmaster Tools domain reputation graph, and resume only after the rate-limit response clears for several hours of low-volume sending.
For greylisting (451 4.7.1) from a small receiver, simply retry — it is normal behaviour for cold or low-volume senders and not a reputation signal.

When 5.7.26 or 5.7.9 appears

Both codes mean authentication is the problem, not the recipient. Audit SPF (see SPF explained) and DKIM (see DKIM explained) alignment with the visible From domain. Run the From domain through the DMARC checker and confirm the published policy matches the alignment your ESP can produce. Almost every 5.7.26 incident traces back to a sending stream that authenticates as a different domain than the one in the From header.

Bounce parsing as an engineering discipline

The biggest operational mistake is treating bounces as a binary suppress/retry flag. A modern bounce pipeline stores the full SMTP response, the enhanced status code, the receiving MX, the provider-specific diagnostic token, and the campaign and segment IDs. That structure lets you answer the questions that matter during an incident — is this a list problem or a reputation problem, is it concentrated at one provider, and is the trend improving or worsening — within minutes instead of hours.

Bounces are the cheapest deliverability telemetry you have. Treat them as primary signal, not exhaust.

Looking for the short definition? See email bounce in the glossary.

Frequently asked · Operations

Common questions.

What is the difference between a hard bounce and a soft bounce?: A hard bounce is a permanent failure returned by the receiving server with a 5xx SMTP code — the address does not exist, the domain has no MX, or the recipient is blocked. A soft bounce is a temporary failure with a 4xx code: full mailbox, throttling, greylisting, or a transient DNS issue. Hard bounces should be suppressed immediately. Soft bounces should be retried with backoff and only suppressed after repeated failure over several days.
How many soft bounces should I tolerate before suppressing an address?: A common policy is to suppress after 4 to 7 consecutive soft bounces across at least 72 hours, or after a single 4xx response that has persisted for more than five days. The exact threshold depends on volume and the specific 4xx code: a persistent 421-4.7.0 from Gmail is a reputation signal, not a mailbox problem, and should not auto-suppress the recipient — it should pause the campaign.
Why does a 5.7.1 bounce happen even when the address is real?: 5.7.1 is a policy rejection, not an address rejection. The recipient exists, but the receiving server refused the message for authentication, content, or reputation reasons. Common triggers include missing or failing DMARC alignment, a blocked sending IP, a blacklisted From domain, or content that matches a spam filter rule. Do not suppress the recipient — fix the sender-side issue.
What does 550-5.7.26 from Gmail mean?: 5.7.26 means Gmail rejected the message because it did not pass either SPF or DKIM alignment with the From domain. As of Gmail's 2024 bulk sender enforcement, unaligned mail from senders over 5,000 messages per day is blocked outright. Fix it by ensuring your From domain aligns with either an authenticated SPF return-path or a DKIM signing domain.
Should I retry a 421-4.7.0 response?: 421-4.7.0 is Gmail's rate-limit and reputation throttle. The connection was deferred, not refused. Standard MTA behaviour is to retry with exponential backoff over 24 to 72 hours. But if you see 421-4.7.0 climbing across a campaign, treat it as a reputation warning: pause sending, audit complaint rate, and review the most recent list segments before continuing.
How do invalid addresses damage domain reputation?: Mailbox providers track the ratio of attempts that hit non-existent addresses (the unknown-user rate). A rate above roughly 2 to 5 percent signals list-buying, scraping, or a stale list — all reputation-degrading patterns. Spam traps inside those invalid sets cause the worst damage: a single pristine trap hit can move a domain from green to yellow at Outlook within a day.
Is a bounce the same thing as a complaint?: No. A bounce is a server-side rejection; a complaint is the recipient pressing 'mark as spam' after delivery. They are reported through different channels (SMTP reply vs. feedback loop) and have different remediation paths. A high complaint rate is more damaging to reputation than a high bounce rate, but a high bounce rate often predicts a coming complaint spike.
What is an asynchronous bounce?: An asynchronous (or out-of-band) bounce is a Delivery Status Notification sent back after the original SMTP transaction already returned 250 OK. The receiving server accepted the message, then later decided it could not deliver it — often because of post-acceptance content scanning or a downstream forwarder rejection. Async bounces are harder to attribute to a specific send but should be parsed and acted on the same way.

Continue · Related lessons

Keep learning.

About · Author

Afsan Rahmatullah

MailerMonk

Building tools that keep cold email out of spam. Writes about deliverability, DMARC, and what actually moves inbox placement.

Mm · Back to Academy index