How do I fix the 550 5.7.515 bounce error?

Publish a valid SPF record covering every service that sends as your domain Enable DKIM signing at your mail provider and publish the public key in DNS Publish a DMARC record at _dmarc.yourdomain , starting at p=none and moving towards p=quarantine or p=reject Make sure the From-domain aligns with the domain that passes SPF or DKIM (relaxed alignment is fine) Run our Domain Checker against your sending domain to confirm all three records pass and align

550 5.7.515: Outlook Rejects Unauthenticated High-Volume Sender

The 550 5.7.515 bounce is Microsoft's rejection for high-volume senders (over 5,000 messages a day to Outlook.com, Hotmail or Live) who do not have SPF, DKIM and DMARC in place. Effective May 2025.

🔴

Permanent Failure (Hard Bounce)

SMTP Code
550

Enhanced Code
5.7.515

Category
Outlook Rejects Unauthenticated High-Volume Sender

Frequency
Very Common

🔢 Enhanced Status Code Breakdown: `5.7.515`

Component	Value	Meaning
Class	5	Permanent failure (Hard bounce)
Subject	7	Security or policy
Detail	515	Outlook Rejects Unauthenticated High-Volume Sender

Per RFC 3463 Enhanced Mail System Status Codes. Class (X) = severity, Subject (Y) = category, Detail (Z) = specific condition.

💬 What This Error Means

Microsoft rejected your email because your domain sends more than 5,000 messages a day to Outlook.com, Hotmail or Live mailboxes and doesn't meet Microsoft's authentication requirements. Since 5 May 2025, Outlook expects SPF, DKIM and DMARC, with DMARC at a minimum of p=none and aligned with either SPF or DKIM. This mirrors the Gmail/Yahoo rules that came in in February 2024.

Common Causes

Sender exceeds 5,000 messages a day to Microsoft consumer mailboxes (Outlook.com, Hotmail, Live)
SPF record is missing, broken, or does not authorise the sending IP
DKIM signature is missing or fails verification
DMARC record is missing, or DMARC does not align with SPF or DKIM

How to Fix This

Publish a valid SPF record covering every service that sends as your domain
Enable DKIM signing at your mail provider and publish the public key in DNS
Publish a DMARC record at <code>_dmarc.yourdomain</code>, starting at <code>p=none</code> and moving towards <code>p=quarantine</code> or <code>p=reject</code>
Make sure the From-domain aligns with the domain that passes SPF or DKIM (relaxed alignment is fine)
Run our Domain Checker against your sending domain to confirm all three records pass and align

📚 Official Documentation

Microsoft 365 / Outlook

Microsoft started enforcing this on 5 May 2025 for senders of more than 5,000 messages a day to Outlook.com, Hotmail and Live. Non-compliant mail is initially routed to Junk and then rejected with 550 5.7.515.

📖 Microsoft 365 / Outlook documentation → Browse all Microsoft 365 / Outlook error codes →

↗ Microsoft DMARC configuration ↗ Gmail & Yahoo sender guidelines (the 2024 precedent) ↗ RFC 7489: DMARC

📋 Real-World Example Messages

These are real bounce message formats you might receive. Paste yours into the Bounce Decoder for instant analysis.

550; 5.7.515 Access denied, sending domain [example.com] does not meet the required authentication level.

🔗 Related Error Codes

                    550 5.7.26                

DMARC Policy Violation

                    550 5.7.1                

Message Rejected by Policy

                    550 5.7.23                

SPF Validation Failed

🔧 Related Diagnostic Tools

These tools can help you diagnose and fix this type of bounce:

🔧 This Bounce Is Related to Email Authentication

Fixing this type of bounce requires correctly configured SPF, DKIM, and DMARC records. Our free Domain Checker analyses all three in one scan and tells you exactly what to fix.

Run a Free Domain Authentication Check →

🔍

Got a bounce message to decode?

Paste your full NDR email, SMTP error line, or mail log fragment to get an instant plain-English diagnosis.

Open the Bounce Decoder →