Published · Last verified · Maintained by TamingDNS

↩️ Google / Gmail SMTP Error Code Directory

Google stamps its bounce messages with proprietary identifiers like gsmtp alongside standard SMTP codes. This directory covers every Gmail and Google Workspace rejection you are likely to run into, with a plain-English explanation and a fix for each one.

Provider
Google / Gmail / Google Workspace
Key Identifiers
gsmtp · gcdp · googlemail.com
MX Hostname Pattern
aspmx.l.google.com

How to Identify a Gmail Bounce

Gmail NDRs arrive from [email protected]. The Diagnostic-Code line contains the SMTP code, enhanced code, a human-readable reason, and ends with a [gsmtp] or [gcdp] tag. 

Diagnostic-Code: smtp; 550 5.7.26 This message does not pass authentication checks
  (SPF and DKIM both do not pass). To fix this issue, review your SPF and DKIM
  configuration for example.com. [gsmtp]

The [gsmtp] tag confirms the rejection came from Gmail's servers. Google Workspace bounces use [gcdp] instead.

Gmail Error Codes

13 codes with Gmail-specific behaviour. Critical (Tier 1) codes appear first.

🟡 421 4.7.0 CRITICAL
Temporary Policy Rejection
Google 421 4.7.0 is a generic temporary hold, often for new IPs or reputation concerns. Back off and retry.
Full explanation & fix →
🟡 421 4.7.28 CRITICAL
Blocked: High Complaint Rate
This is a Google-specific code. Your domain or IP reputation is low due to spam complaints. Google Postmaster Tools shows your complaint rate and domain reputation.
Full explanation & fix →
🟡 450 4.2.1 CRITICAL
Rate Limit: Try Again Later
Google 450 4.2.1: the recipient's receiving rate is exceeded. This is per-recipient, not your sending rate.
Full explanation & fix →
🟡 452 4.2.2 CRITICAL
Mailbox Full (Temporary)
Google returns 452 4.2.2 for over-quota mailboxes, which your server will retry automatically.
Full explanation & fix →
🔴 535 5.7.8 CRITICAL
Authentication Credentials Invalid
Gmail requires an App Password for SMTP auth if 2-Step Verification is enabled. Standard passwords will return 535 5.7.8.
Full explanation & fix →
🔴 550 5.1.1 CRITICAL
Mailbox Does Not Exist
Google returns: "The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces."
Full explanation & fix →
🔴 550 5.7.1 CRITICAL
Message Rejected by Policy
Google uses 5.7.1 for both blocklist and policy rejections. Check your IP and domain reputation in Google Postmaster Tools.
Full explanation & fix →
🔴 550 5.7.23 CRITICAL
SPF Validation Failed
Google returns 5.7.23 specifically for SPF hard fails (-all rejection). With ~all (softfail), Google may still accept but DMARC may fail.
Full explanation & fix →
🔴 550 5.7.26 CRITICAL
DMARC Policy Violation
Google enforces DMARC p=reject strictly. Gmail bulk-sender rules (Feb 2024) require DMARC at minimum p=none for senders of 5,000+ messages a day.
Full explanation & fix →
🔴 552 5.2.2 CRITICAL
Mailbox Over Quota
Google returns 452 4.2.2 (temporary) rather than 552 5.2.2 for quota issues, allowing retries.
Full explanation & fix →
🔴 552 5.2.3 CRITICAL
Message Too Large for Mailbox
Gmail has a 25 MB limit for received messages. Google returns 552 5.2.3 when this is exceeded.
Full explanation & fix →
🔴 552 5.3.4 CRITICAL
Message Too Big for System
Google Workspace has a system-wide 25 MB send limit and 50 MB receive limit. Exceeding these results in 552 5.3.4.
Full explanation & fix →
🟡 421 4.7.29
Blocked: Local Policy (New Sender)
Google 421 4.7.29 is issued for new senders. Warm up your IP gradually, starting with your most engaged recipients and increasing volume weekly.
Full explanation & fix →

Google Bounce Identifier Glossary

[gsmtp]
Rejection from Gmail consumer mail servers (gmail.com). Confirms the bounce originated from Google's SMTP infrastructure.
[gcdp]
Rejection from Google Workspace / G Suite. Indicates the bounce came from Google Cloud Data Path servers handling business email.
aspmx.l.google.com
Google's primary inbound MX hostname. If the Remote-MTA in your bounce contains this, the rejection happened at Gmail's receiving gateway.

Gmail 2024 Bulk Sender Requirements

Since February 2024, Google requires all senders of more than 5,000 messages per day to Gmail addresses to meet these standards. Failure results in rejections and deferrals:

  • Valid SPF record authorising your sending IPs
  • DKIM signing with a 1024-bit key or larger on your sending domain
  • DMARC policy of at least p=none on the From domain
  • Spam complaint rate below 0.3% (target below 0.1%)
  • One-click unsubscribe header for marketing mail
📖 Google bulk sender requirements →

Frequently Asked Questions

Common questions about Gmail SMTP errors and delivery failures.

The [gsmtp] tag is Google's stamp on the end of its rejection messages. It is not an error code. It simply tells you the bounce came from Google's own SMTP servers rather than a third-party filter sitting in front of them. If you see [gcdp] instead, the rejection came from a Google Workspace (business) account rather than a consumer Gmail inbox.

Google offers Postmaster Tools for free. Once you verify your sending domain, it shows you your domain reputation, IP reputation, spam complaint rates, and a breakdown of any delivery errors. It's one of the most useful free tools available to email senders and well worth setting up.

The 4.7.28 error means Gmail users are hitting "Report Spam" on your messages at a rate that has triggered Google's filters. Log into Postmaster Tools to see your exact complaint rate. The fix is usually a combination of better list hygiene (removing unengaged contacts) and making your unsubscribe link obvious. The easier it is to leave, the less likely people are to reach for the spam button.

When you send from a brand-new IP address, Google has never seen it before, so it is understandably cautious. The 4.7.29 "new sender hold" is Google's way of saying "prove yourself first." The standard approach is to start small (a few hundred messages to your most engaged subscribers) and gradually double your volume each week. Most senders work through the warmup period in four to six weeks.

DMARC has a concept called alignment that trips a lot of people up. SPF passing is not enough on its own. The domain that SPF authenticates must also match the domain in your From address. If you use a third-party sending service, SPF passes for their domain, not yours. The only reliable fix is to set up DKIM signed with your own domain, which gives you the alignment DMARC needs.

Other Provider Directories

Microsoft 365
View directory →
Yahoo / AOL
View directory →
Apple iCloud
View directory →
Comcast / Xfinity
View directory →
Proofpoint
View directory →
Mimecast
View directory →
🔍

Got a Gmail bounce to decode?

Paste your full NDR email or SMTP error line for an instant plain-English diagnosis.

Open the Bounce Decoder →