Email Delivery Policies - Guide on Hard Bounces and Troubleshooting

Updated

Understanding Delivery Policies

Email delivery policies play a crucial role in managing the flow of messages within an organization. These policies can trigger actions like Hard Bounces or complete deletion of emails when certain content triggers are detected. It's important to note that multiple policies can conflict and lead to potentially removing legitimate emails, especially when policies are broadly applied without specific group targeting.

Email Delivery Issues

Hard Bounces

Hard bounces occur when the recipient's mail server rejects the email during the attempted connection. This is different from soft bounces, which result from messages being undeliverable based on Mimecast's retry schedule, often due to unavailable MX records or connection issues.

Common Bounce Scenarios

Several factors can lead to email bounces or delivery failures:

  • Invalid recipient email addresses.
  • Full mailboxes.
  • Oversized emails.
  • IP blocklisting or being on a block list.
  • Incorrectly configured domain settings.
  • Conflicts between multiple policies.

It's important to note that emails rejected by Housekeeping from On-Hold queues do not generate NDRs in Mimecast's system.

Troubleshooting Delivery Issues

When facing email delivery problems, follow these steps:

  1. Check the non-delivery report (NDR) for specific reasons.
  2. If your emails are being blocked, contact your email service provider to investigate and resolve IP reputation problems. They can help by switching to alternate IPs, working with the blocking provider to delist the IP, and ensuring your emails can be successfully delivered.
  3. For policy-level block lists:
    • Check the specific Blocked Senders Policy that was triggered.
    • Verify if there's a bypass policy for the blocked messages.
    • Add the affected users to the appropriate Directory Group that allows sending to the intended recipients.
    • Perform a manual sync in the Administration Console by navigating to Users & Groups | Directory Synchronization and clicking Sync All.
    • Confirm the users are added to the correct Directory Group.
    • Have the users send a test email to verify the resolution.
  4. For emails stuck in the processing queue:
    • Create a Content Examination Bypass policy for the specific sender and recipient domains.
    • Have the sender resend the email.
    • Verify the bypass policy is created in the correct section (Content Examination Bypass, not just Content Examination).
    • If issues persist, contact Mimecast support for further assistance.
  5. To resolve general email delivery issues:
    • Check the email's authentication status (DKIM, SPF, DMARC).
    • Create a DNS bypass definition for trusted senders.
    • Configure spam scanning policies to exclude specific senders or domains.
    • Verify that your Permitted Senders profile groups are correctly tied to spam scanning policies.

For persistent email delivery delays:

  1. Check the email routing path and identify where the delay is occurring.
  2. Collect specific evidence, like timestamp logs from different email systems.
  3. Contact your email service provider with detailed information about the delay, including exact timestamps and routing information.
  4. Request an investigation into the cause of the repeated delays.

Configuring and Managing Delivery Policies

When configuring delivery policies, consider the following:

  • Ensure that content examination policies are targeted to specific groups to avoid conflicts.
  • Regularly review and update bypass policies for trusted senders.
  • Configure spam scanning policies to balance security with legitimate email delivery.
  • Maintain up-to-date Permitted Senders profile groups.

Understanding and Using Non-Delivery Reports (NDRs)

What are NDR errors?

NDR (Non-Delivery Report) errors with 550 5.0.350 status typically occur when anti-spoofing policies block emails that appear to be spoofed. These errors can prevent legitimate emails from reaching their intended recipients, causing communication disruptions and potential business impacts.

Non-Delivery Reports (NDRs) are crucial for troubleshooting failed email deliveries. They contain important information such as:

  • Bounce date and time.
  • Bouncing mail server details.
  • Reason for bounce.
  • Details of the bounced message.

Mail servers typically generate NDRs based on SMTP 500 error codes from the recipient's mail server or timeout failures. Mimecast generates NDRs for two types of outbound failed delivery: hard-bounced and soft-bounced emails.

NDR receipts are available in Mimecast email reports for 30 days after the email is sent. Administrators should obtain NDRs from end-users when troubleshooting outbound failed email delivery queries.

Common causes of NDR 550 5.0.350 errors

There are several common scenarios that can trigger NDR 550 5.0.350 errors:

  • An email is sent from one domain and then forwarded back to the original domain.
  • The email routing does not go through the expected email protection service (like Mimecast).
  • The anti-spoofing policies are too restrictive and do not account for legitimate inter-domain email forwarding.

Steps to troubleshoot NDR errors

When faced with NDR errors, follow these troubleshooting steps:

  1. Check the non-delivery report (NDR) for specific reasons. The NDR often contains valuable information about why the email was blocked.
  2. Identify if your emails are being blocked due to common issues such as IP blocklisting or being on a block list.
  3. Contact your email service provider to investigate and resolve IP reputation problems.
  4. Work with your email service provider to:
    • Switch to alternate IPs if necessary.
    • Collaborate with the blocking provider to delist the IP.
    • Ensure your emails can be successfully delivered.

Email Routing and Queue Management

Email delivery queues can occur due to routing configuration issues, such as incorrectly configured domain settings. Adding an internal domain to an email management platform like Mimecast can cause routing complications, preventing emails from being delivered correctly.

To resolve such issues:

  1. Review your domain configurations.
  2. Ensure internal domains are not routed through external email management platforms.
  3. Verify that emails are being sent through the appropriate mail connectors.

When experiencing email rejections during domain migrations or forwarding, contact your Managed Service Provider (MSP) to:

  1. Review your email relay Profile Groups.
  2. Ensure the recipient domain is added to the allowed relay domains.
  3. Verify email routing configurations between the involved email systems.

Related to

Was this article helpful?
36 out of 74 found this helpful

Comments

10 comments
Date Votes
  • Avatar
    Melissa Bunguke

    Why am i getting this error whensending emails to (redacted) ?  David is not able to receive emails from FSD Africa but he can receive emails from other organizations. Please help 

     

    0
  • Avatar
    Admin - LI

    Hi Melissa

    Thank you for the comment! In order to get you the best solution possible, would you please post it into our Community? Not only will it be addressed by Cybersecurity peers, but the Mimecast team as well. Once you receive a solution, it can be bookmarked for easy retrieval.

    If your issue is more urgent and/or you wish to open a new Support case, please do so here.”

    0
  • Avatar
    Jacob Mulaudzi

    Good day, would anyone be able to help me? We recently moved our domain to a new service provider. Now, when we send an email to the public domain, like Gmail and iCloud, we get this error below

    0
  • Avatar
    Admin - LI

    Hi Jacob

    Thank you for your comment! Our advice is to ensure that you have DKIM, SPF and DMARC set up. Alternatively, in order to get you the best solution possible, would you please post it into our Community? Not only will it be addressed by Cybersecurity peers, but the Mimecast team as well. Once you receive a solution, it can be bookmarked for easy retrieval.

    If your issue is more urgent and/or you wish to open a new Support case, please do so here.

    I hope this is helpful.

    0
  • Avatar
    Tebogo Hlongwane

    How Long Does it take for Bounce Messages to stop transmitting Can you please Stop email from <email address removed> to <email address removed> .<username removed> is still getting Bounce email Notifications email address <email address removed> is invalid 

    0
  • Avatar
    Admin - CL
    (Edited )

    Hello Tebogo Hlongwane,

    To answer your question for Bounce Messages, its 30 retries over 4 days. This is mentioned in https://mimecastsupport.zendesk.com/hc/en-us/articles/34000759536147-Bounced-Messages under “Viewing Bounced Messages”.
    If you're still having issues, and you wish to open a new Support case, please do so here.

    0
  • Avatar
    Sameer-Jameel Shaikh

    URL is getting screen for spam and Malicious

    0
  • Avatar
    Admin - VM

    Thank you for your feedback. I can see you already have a ticket open, and our Support team will assist with your query.
     

    0
  • Avatar
    Pouya Shamimi

    When there is an external link the emails, Mimecast replaces this link with a Mimecast link and when clicked, it opens the Mimecast link first before redirecting it to the original link location. This has progressively gotten very slow, sometimes 6-10 seconds before it redirects. 

    0
  • Avatar
    Admin - VM

    Thank you for your feedback. I can see that you already have a ticket open, and our Support team will assist with your query

    0

Please sign in to leave a comment.