Monday, August 12, 2013, 13:50
Solution ID: 00000240
I need help figuring out what a Delivery Status Notification (DSN) bounce message message is saying. Can you help me learn how to interpret these messages?
E-mail is exchanged using a protocol called SMTP. The DSN or bounce message is a report based on an error that occured during the SMTP exchange between two mail servers. The diagnosis of the delivery problem may seem quite technical and may be difficult to explain. If you do not fully understand what you are reading, that is okay. Read through all the text and see if you can extract "something" that makes sense. The cause of your problem is ususally written in plain english, but surrounded by a quantity of technical information.
Some mail servers will give you the SMTP response as it is generated, which may be difficult to understand if you are not familiar with the SMTP protocol. Other mail servers may give you an easy to understand message, saying there was a problem, but not very helpful in telling you what the problem actually was.
Bounce messages can vary in format, and in exact wording, depending on the mail server that's sending the message back to you. Different types of mail servers use different terminology. Some are quite geeky and difficult to understand. Others seem to take five paragraphs to tell you that you probably just mistyped the email address you were sending to.
All that said, lets work through an example that will hopefully help you understand what is going on. Buried in the all the technical verbage is actually some helpful information, if your mail server passes you this information.
Here is an example:
----- Transcript of session follows -----
... while talking to smtp.example.net.:
550 5.1.1 ... User unknown
Here's a bounce from another mail server which attempts to be friendlier:
Hi. This is the qmail-send program at example.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
10.10.10.10. does not like recipient.
Remote host said: 550 MAILBOX NOT FOUND
Giving up on 10.10.10.10.
----- The following addresses had permanent fatal errors -----
SMTP error messages usually consist of a 3-digit numeric code (e.g. 550) followed by a plain text description of what the problem is. In this example we see: 550 MAILBOX NOT FOUND. If we look closer there were a number of errors in this example:
550 5.1.1 ... User unknown
550 MAILBOX NOT FOUND
In general return codes in the 500 range are permanent errors and return codes in the 400 range are temporary errors. For temporary errors the mail server is saying it can not perform the task at the present moment, but try again later. Notice the two entries had the same 550 code bug different descriptions. Different mail servers interpret SMTP codes differently and may give different, but similar, plain text descriptions.
From this example, it is plain there is a problem with the recipient address. It likely does not exist, so either there was a mistyped e-mail address, the address may no longer be valid, or there may be a problem with the receiving mail server (which happens much more often than you would believe.)
Common Error Messages:
Mailbox Not Found, Invalid Mailbox, User Unknown, Not Our Customer - These are all saying pretty much the same thing. In the "email@example.com" bounce examples above, the mail server "example.com" doesn't have an account for anyone with the email name "someone". Often these errors are due to mis-typing the recipient e-mail address. Double check the e-mail recipient. You may be using an old e-mail address, make sure the address is current.
Mailbox Unavailable - This is most often the same as "Mailbox Not Found", though it may also mean that there is a problem with the receiving mail server. Check to make sure that you have the email address correct, wait a while and try again, and if it still bounces, try contacting the recipient some other way.
Mailbox Full, Quota Exceeded - Sometimes this will show up as a part of a "Mailbox Mnavailable" message. The recipient has too much e-mail in their inbox and their mail server is refusing to accept any more. This is most common with web-based e-mail services which limit how much mail can accumulate for a particular mail account. This can also be a sign of an abandoned mail account, where the account owner has stopped checking their e-mail. In any case, you'll need to contact the recipient through some other means.
Host Unknown, Domain Lookup Failed - There is no mail server that hosts the domain portion of the e-mail address being sent to, (i.e. the example.com part of the e-mail address). A common reason is again, a mis-typed e-mail address. Make sure you typed it in correctly. This may also happen when an organization changes its domain name.
Unable to Relay - This is a terribly obscure error message, but also becoming more and more common as ISPs try to crack down on spam. Mail is sent by relaying e-mail from one server to the next. There could be many servers involved, but typically it's the mail server at your ISP relaying your email to the mail server at your recipients ISP. In general, a mail server must "know" either the sender of an email, or its recipient, in order to safely transmit mail. Mail servers that do not enforce this requirement are called "open relays" and can be exploited by spammers to send out tons of spam. Things get complicated because not all ISPs agree on what it means to "know" the sender of an email. All of these might result in an "Unable to Relay" message, depending entirely on the servers and ISPs involved. Sometimes this error will happen only occationally. In this situation there is problably a mail server configuration error on the recipients part. This happens more more frequently than you would think and even very large organizations suffer from this problem.
Errors like "no adequate servers", "Connection Timed Out", "Resources temporarily unavailable.", "Out of memory" all typically indicate a problem with a mail server that you probably don't have any control over. They are, in general, temporary, and should resolve themselves over time. Look carefully at the bounce message; the email server involved may continue to automatically try to deliver your email without any action required on your part.
If you see messages that indicate your email was "blocked", or "listed in", and references to sites that have things like "spamcop", "dynablock", "blackhole", "spamhaus" and similar in their names, then your email was probably intentionally blocked because the receiving system thinks your ISP's mail server is a source of spam.
Various blacklisting services try to identify servers which are sources of spam. They then make that list available to ISPs, who in turn can block email coming from these sources. The problem is that criteria for addition and removal from these blacklists are vague, at best, and getting a server removed from blacklists can be very difficult. If this happens to mail you send, get in touch with your ISP and explain that their server may be on a blacklist somewhere, and then try to use a different email address, or a different email account of your own, to contact your intended recipient. You might also tell your recipient that their ISP is improperly blocking legitimate email.
Much like blacklists, content filters are an approach many ISPs now implement to stem the tide of spam for their clients. Most will simply discard email that looks like spam, but some servers will actually send a bounce. Phrases in the bounce message like "Message looks like spam", "keywords rejected by the anti-spam content filter", "scored too high on spam scale" and similar means that your email, for whatever reason, tripped the spam filters on the receiving end. Your email looks too much like spam.
What does it mean to "look like spam"? Here, again, things get vague. That definition will vary greatly based on how your recipient's email server has been configured. Obvious possibilities are the use of pornographic words or phrases, HTML formatted email, currently popular drugs being hawked by spammers, or even having something that looks too much like a sales letter or a scam. The best approach is to scan the bounce for any clues (sometimes there's more information), and then validate your recipient can get any email by sending a simpler message. Assuming that all works, then re-work your message as best you can to not look like spam.
When a Bounce Isn't Really a Bounce:
Be careful! There's a class of viruses these days that propagate by "looking like" bounce messages. They instruct you to open an attachment for more information. Don't. Especially if you don't recall sending the message in the first place. Don't open any attachment, especially one accompanying what looks like an email bounce unless you are absolutely positively certain that it's legitimate.
You may also be getting bounce messages for email you didn't send. There's another class of virus that "spoofs" or fakes the "From" address on email messages, and as a result you could be getting bounce messages that have nothing to do with you.
Tags: smtp, errors, problems, diagnosing, dsn, bounce, tutorial
Link to this article: kb/delivery_status_notifcation_explanation
Updated: Monday, August 12, 2013, 13:50
-- David Rutherford