Fix email delivery issues for error code 5.7.1 in Office 365

Have you ever sent an email message in Outlook or Outlook Web app and received an Exchange NDR error message about why your email couldn't be sent? This topic will walk you through the steps of what to do if you get delivery status notification (DSN) error code 5.7.1 or Exchange NDR 5.7.1 in a non-delivery report (NDR).

Button to get email user help Button to get admin help

This information also applies to error codes 5.7.0 through 5.7.999 in Exchange Online and Office 365. There can be several causes for dsn error code 5.7.1, for which solutions are provided later in this topic.

Email user help if you sent a message and then received Exchange NDR 5.7.1 or 5.7.0 through 5.7.999

There's reasons you might get these error messages. Generally, the error indicates that your organization has a security setting for emails that is preventing your message from reaching the recipient. It might be one of the following problems:

  • You don’t have permission to send to the recipient.

  • You don’t have permission to send to the distribution group or one of its subgroups.

  • You don’t have permission to send email through an email server that’s between you and the recipient.

  • Your message was routed to the wrong email server.

Tips for fixing the problem that is causing DSN error code 5.7.1 or 5.7.0 through 5.7.999

Most of the time, you probably won't be able to fix this problem on your own. Either the recipient or the recipient’s email administrator has to update their email settings. However, here are a few things you can try.

If the recipient is outside of your organization    - Ask the recipient to ask their email administrator to set up the mailbox so that it accepts email from you.

If you’re sending to an internal distribution group    - You might not have permission to send to the group or to one of its subgroups. In this case, the NDR includes the names of the restricted groups that you don’t have permission to send to. Ask the owner of the restricted group to grant you permission to send messages to it. If you don’t know the group’s owner, you can find it by doing the following in either Outlook Web App or Outlook.

  1. Select the NDR 5.7.1 message.

  2. In Outlook Web App, choose the group name located in the To line. In Outlook, double-click the group name.

  3. In Outlook Web App, from the pop-up dialog box, choose Owner. In Outlook, choose Contact.

If you’re sending to a large distribution group    - Groups with more than 5,000 members have the following three restrictions automatically applied:

  • You must be a member of the group in order to send mail to it.

  • Messages sent to the group require approval by a moderator.

  • Large messages can’t be sent to the group. However, you’ll receive a different NDR than 5.7.1 if that’s the issue. See Exchange Online Limits.

To resolve the issue, join the group, or ask the group’s owner or moderator to approve your message. Refer them to the If you’re the owner of a restricted distribution group    section later in this topic.

If none of the previous steps apply or solve your issue, contact the recipient’s email administrator, and refer them to the If you’re an Office 365 email administrator    section later in this topic.

If you’re the owner of a restricted distribution group

If someone sent a message to your distribution group and they received NDR 5.7.1, and you want to let them send to your group, try one of the steps here.

Remove the sender restriction    - To grant the sender permission to send to your distribution group, you can change the group properties in one of the following ways:

  • Add the sender’s email address to the group’s list of allowed senders.

  • Add the sender’s email address to the group or ask them to join the group.

  • If the sender is restricted because they’re outside your organization, you can configure the group to accept messages from external senders.

  • If you’ve configured a transport rule to restrict certain senders or groups of senders, you can modify the rule to accept messages from the sender.

Restrictions on large groups    - Groups with more than 5,000 members have the following three restrictions automatically applied:

  • Senders must be a member of the group.

  • Messages sent to the group require approval by a moderator.

  • Large messages can’t be sent to the group (but you’ll receive a different NDR from this one if that’s the issue). See Exchange Online Limits.

To resolve the issue for the sender, approve their message, or add them to the group.

Managing distribution groups   

Office 365 email administrator help for Exchange NDR 5.7.1 or 5.7.0 through 5.7.999

If the steps in the above section do not solve the issue for the sender, the solution likely requires action by the recipient’s email administrator. This can include reconfiguring settings for the recipient, distribution group, organization, or domain.

How do I fix the problem that is causing Exchange NDR 5.7.1 or 5.7.0 through 5.7.999?

If you’re an email administrator and you need to help solve a 5.7.1 Exchange NDR issue, find the section here that seems to match your problem, and follow the guidance provided.

If the sender is outside of your organization    - Configure the recipient or your mail servers to accept mail from external or anonymous senders.

When external users try to send mail to mail-enabled public folders in Office 365    - When external users try to send email messages to mail-enabled public folders in Office 365, they receive an NDR that contains the following error code:

Remote Server returned '<xxxxxxxx> #5.7.1 smtp;550 5.7.1 RESOLVER.RST.AuthRequired; authentication required [Stage: CreateMessage]>'

To change the behavior so that mail-enabled public folders can accept mail from external senders, follow these steps:

  1. Connect to Exchange Online by using remote PowerShell. For steps on how to do this, check out Connect to Exchange Online using remote PowerShell.

  2. Add permission for the Anonymous account to public folders. To do this, run the following command:

    Add-PublicFolderClientPermission -identity <Public Folder> -User Anonymous -AccessRights CreateItems

    Refer to Knowledge Base article 2984402.

If the sender is outside your organization and their email server IP address has been put on Microsoft’s blocklist    - In these cases, the NDR the sender receives would include information in the Diagnostics for administrators section similar to this:

5.7.1 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using Blocklist 1; To request removal from this list please forward this message to delist@messaging.microsoft.com

Forward the NDR message to delist@messaging.microsoft.com.

Domain isn't fully enrolled in Office 365    - If the domain isn't fully enrolled, try the following steps:

  • Verify your domain appears as Active in the Office 365 portal at https://portal.office.com.

  • For information about adding your domain to Office 365, see Domains in Office 365.

  • To troubleshoot domain verification issues, see Microsoft Knowledge Base article 2515404.

Incorrect MX record    - If you have an incorect MX record, try the following steps:

  1. Check the sender and recipient domains for incorrect or stale MX records by running the Mailflow Troubleshooter.

  2. Check with your domain registrar or DNS hosting service to verify the MX record for your domain is correct. The MX record for a domain that's enrolled in Exchange Online uses the syntax <domain>.mail.protection.outlook.com.

  3. Verify MX Record and Outbound Connector Test at Office 365 > Mail Flow Configuration in the Microsoft Remote Connectivity Analyzer.

  4. Verify you have only one MX record configured for your domain. Microsoft doesn’t support using more than one MX record for a domain that's enrolled in Exchange Online.

Incorrect SPF record    - The Sender Policy Framework (SPF) record for your domain might be incomplete and might not include all sources of mail for your domain. For more information about verifying your SPF record, see Customize an SPF Record to Validate Outbound Email Sent from Your Domain.

Combined on-premises and cloud hybrid deployment configuration issues    - If your domain is part of a hybrid deployment between Exchange and Exchange Online, check the following items.

Even though the Hybrid Configuration Wizard automatically configures the inbound and outbound connectors in the Exchange Online Protection (EOP) service, you can verify that the connector settings are correct. If the connectors used for the hybrid deployment are configured incorrectly, your Exchange administrator needs to rerun the Hybrid Configuration Wizard in the on-premises Exchange organization.

Verify the configuration of the inbound connector that's used for hybrid. For more information, see Microsoft Knowledge Base article 2827473.

Verify the configuration of the outbound connector that's used for hybrid by following these steps:

  1. Open the Office 365 portal at https://portal.microsoftonline.com, and click Admin > Exchange.

  2. In the Exchange admin center, click Mail Flow > Connectors. In the Outbound connectors section, select the connector that's used for hybrid, and choose Edit. Verify the following information:

    • Delivery      If Route mail through smart hosts is selected, confirm the correct IP address or FQDN is specified. If MX record associated with the recipient domain is selected, confirm the MX record for the domain points to the correct mail server.

      You can test your MX record and your ability to send mail from your Exchange Online organization by using the Verify MX Record and Outbound Connector Test at Office 365 > Mail Flow Configuration in the Microsoft Remote Connectivity Analyzer.

    • Scope      If you need to route inbound Internet mail to your on-premises Exchange organization, Domains needs to include all email domains that are used in your on-premises organization. You can use the value asterisk (*) to also route all outbound Internet mail through the on-premises organization.

Read Transport Routing in Exchange 2013 Hybrid Deployments for more info about transport routing in hybrid deployments.

Still need help?

Get help from the Office 365 community forums Admins: Sign in and create a service request Admins: Call Support

See Also

What are Exchange NDRs in Exchange Online and Office 365

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×