BETA

Mimecast Email Gateway SMTP Error Code Directory

mimecast.com gateway rejection patterns, policy blocks, and reputation filters — decoded

🔧 Related Tools

ANALYSIS TOOLS
🔒 Full Checker Complete email deliverability scan: SPF, DKIM, DMARC, MX, blacklists & more. 📨 SPF Check and visualise your SPF record including the full DNS lookup tree. 🔑 DKIM Scan all known DKIM selectors and validate key strength for your domain. 🛡️ DMARC Parse every DMARC tag, validate policy strength, and check external report destinations. 📧 Email Headers Analyse raw email headers to trace delivery path and authentication results. 📬 Bounce Decoder Decode NDR bounce messages and SMTP error codes to diagnose delivery failures. 🦁 BIMI Verify your BIMI logo record and VMC certificate status. 🔐 DNSSEC Validate the DNSSEC chain of trust: DS, DNSKEY, and RRSIG records. 🔒 MTA-STS Check your MTA-STS DNS record and TLS policy file for enforced encryption. 📋 TLS-RPT Validate your TLS-RPT reporting address for email transport encryption reports. 🌍 WHOIS Look up domain registration details via RDAP.
DIAGNOSTIC TOOLS
🚫 Blacklist / RBL Check IPs and domains against major email blacklists and RBLs. 📬 MX Inspector Resolve MX hosts, check A/AAAA records, validate PTR and FCrDNS for each mail server. 🌐 DNS Propagation Check DNS record propagation across multiple global resolvers simultaneously. 🔍 DNS Lookup Query A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, CAA and PTR records via Google, Cloudflare or Quad9.
BUILDER TOOLS
🛡️ DMARC Builder Build a DMARC TXT record with the right policy, RUA/RUF and subdomain options. 🛠 SPF Builder Generate a validated SPF record by selecting your email senders. ✂️ Route 53 Splitter Split long DKIM or SPF TXT records for AWS Route 53's 255-character limit.

Mimecast Email Gateway SMTP Error Code Directory

Mimecast is one of the most common enterprise email security gateways. When a company routes inbound mail through Mimecast, their MX records resolve to mimecast.com servers. Mimecast uses standard SMTP enhanced codes, but adds its own policy and reputation filtering on top — and every company can configure their own rules, which means the same IP can be accepted by one Mimecast customer and blocked by another.

Gateway
Mimecast Email Security
MX Hostname Pattern
*.mimecast.com
NDR From Address
[email protected]

How to Identify a Mimecast Bounce

If the Remote-MTA in your bounce contains a hostname ending in mimecast.com (such as us-smtp-inbound-1.mimecast.com), the rejection came from Mimecast. Mimecast includes the string smtp; in its diagnostic codes, and often appends an IP address and a numeric identifier in square brackets. 

Remote-MTA: dns; us-smtp-inbound-1.mimecast.com
Diagnostic-Code: smtp; 550-5.7.1 [198.51.100.1 12] Message rejected.
  See https://www.mimecast.com/products/email-security/faq/ for more info.

The mimecast.com MX hostname is the key identifier. The numeric code in brackets (e.g. [198.51.100.1 12]) is an internal Mimecast reference — the IP is your sending IP and the number is Mimecast's rejection reason code.

Mimecast Rejection Reason Codes

Mimecast appends a numeric reason code in square brackets after the sending IP in rejection messages. These codes identify the category of rejection:

[IP 1]
Blocked sender (reputation)
[IP 2]
Content policy violation
[IP 3]
Anti-spam filter
[IP 5]
DMARC / authentication failure
[IP 10]
Rate limit exceeded
[IP 12]
IP reputation block

Mimecast Error Codes

The most common SMTP errors returned by Mimecast Email Security gateways.

🔴 550 5.7.1 CRITICAL
Message Rejected by Mimecast Policy
Mimecast's anti-spam or policy engine has rejected your message. This is the most common Mimecast hard bounce. It can be triggered by IP reputation, domain reputation, content filtering, or a custom policy rule set by the recipient organisation's Mimecast admin.
550 5.7.1 smtp; 550-5.7.1 [198.51.100.1 12] Message rejected. See https://www.mimecast.com/products/email-security/faq/ for more info.
🟡 421 4.7.1 CRITICAL
Greylisting — Retry Later
Mimecast is greylisting your message. Your mail server will retry automatically and the second attempt typically succeeds. This is a standard anti-spam technique that filters out bots that do not retry.
421 4.7.1 Service temporarily unavailable - please retry.
🔴 550 5.7.26 CRITICAL
DMARC Policy Violation
The recipient organisation's Mimecast gateway is enforcing DMARC. Your message failed SPF/DKIM alignment against the From domain. Fix your DKIM signing and SPF record.
550 5.7.26 This message fails to pass DMARC evaluation and the sending domain has a DMARC Reject policy.
🟡 421 4.7.0 CRITICAL
Rate Limited — Too Many Messages
Mimecast is rate-limiting your sending IP or domain. Reduce your sending rate and implement exponential back-off. Your mail server will retry automatically.
421 4.7.0 Too many connections from your IP.
🔴 550 5.1.1 CRITICAL
Recipient Does Not Exist
Mimecast's directory synchronisation with the recipient organisation confirmed this address does not exist. Remove from your list immediately.
550 5.1.1 smtp; User unknown

Getting Delisted from Mimecast

If Mimecast is blocking your IP or domain, follow these steps before requesting review:

  • Verify your SPF, DKIM, and DMARC records are correctly configured
  • Check your IP against major blocklists — Mimecast respects Spamhaus and similar feeds
  • Ensure your reverse DNS (PTR) record matches your sending hostname
  • Submit a sender review via the Mimecast Sender Reputation portal
📖 Mimecast Sender FAQ →

Frequently Asked Questions

Common questions about Mimecast gateway SMTP errors.

Look up the MX records for the recipient domain using our MX Inspector. If they resolve to hostnames ending in mimecast.com — like us-smtp-inbound-1.mimecast.com — Mimecast is handling their inbound mail. This tells you which filtering system you are dealing with and what delist steps are relevant.

This is what's known as a delayed bounce, and it happens because Mimecast accepted the message on behalf of the recipient at the SMTP level, but then a downstream system — usually the actual mail server like Exchange — rejected it during processing. The bounce email still comes from the Mimecast MX hostname, which can be confusing. Look at the enhanced status code inside the bounce for the real reason.

Yes, and this is the key thing to understand about Mimecast: every company that uses it gets to configure their own rules. That means your IP or domain might be perfectly fine for one Mimecast customer and blocked by another — not because of your reputation globally, but because their IT admin has set a stricter policy. If you are being blocked by a specific organisation, the fastest fix is to ask the recipient's IT admin to whitelist your IP or domain directly in their Mimecast console.

Work through this in order. First, check your authentication — run your domain through our Domain Checker to confirm SPF, DKIM, and DMARC are correct. Second, check your IP reputation with our Blacklist Checker — Mimecast respects major IP blocklists like Spamhaus and Spamcop, so if you are listed there, get delisted first. Third, check your reverse DNS (PTR) record — Mimecast is known to reject senders that do not have a valid PTR matching their sending hostname.

Other Provider Directories

Google / Gmail
View directory →
Microsoft 365
View directory →
Yahoo / AOL
View directory →
Apple iCloud
View directory →
Comcast / Xfinity
View directory →
Proofpoint
View directory →
🔍

Got a Mimecast bounce to decode?

Paste your full NDR email or SMTP error line for an instant plain-English diagnosis.

Open the Bounce Decoder →