Why is my IP address not authorized to send email and how do I fix it?

Key findings

• IP blocklist impact: Google and other major email providers often reject emails from IP addresses found on public blocklists like Spamhaus, as this helps prevent spam and unauthorized sending.
• Policy block lists (PBLs): These lists are maintained by ISPs and are designed to prevent direct email sending from IP ranges that should only be used for end-user connections, not for server-to-server mail transmission. If your IP is on a PBL, it means your ISP's policy prohibits direct mail sending from it.
• ISP responsibility: The authorization status of an IP address to send mail is determined by the internet service provider (ISP) that owns and provides that IP. Any delisting or policy changes must typically be handled by the ISP.
• SMTP relay requirement: The error explicitly advises using an SMTP relay provided by your service provider, indicating that direct sending from your current IP is not permitted.
• Authentication issues: Problems with SPF, DKIM, and DMARC records can also lead to rejection, as these protocols ensure your sending IP is authorized by your domain's DNS records. For more details on these, see a simple guide to DMARC, SPF, and DKIM.

Key considerations

• Contact your ISP: If your IP is on a PBL, only your ISP can remove it or confirm their policy regarding direct mail sending. This is the most crucial first step.
• Check blocklists: Verify if your IP address is listed on major blocklists, especially Spamhaus PBL. You can check your IP at Spamhaus Lookup. If you find your IP on any blocklist, learn more about how to fix a blacklisted IP address.
• Implement SMTP relay: If direct sending is prohibited by your ISP, configure your email setup to use an authorized SMTP relay service provided by your host or a third-party email service provider.
• Review authentication records: Ensure your SPF, DKIM, and DMARC records are correctly configured and align with your sending IP addresses and domains. Incorrect SPF records, for example, can lead to 'SPF unauthorized mail is prohibited' errors.
• Consult Google documentation: The error message often links directly to Google's support documentation, which provides valuable context and troubleshooting steps. Refer to the official guidance at Google Mail Help for NotAuthorizedError.

Key opinions

• ISP is key: Many marketers emphasize that the ISP is the ultimate authority regarding IP authorization and any related policy blocklist (PBL) listings. Communication with the ISP is seen as mandatory.
• PBL checks: There's a strong recommendation to check if the IP is listed on Spamhaus PBL, as this often aligns with Google's specific error message about unauthorized sending.
• Relay necessity: If an IP is not meant for direct sending, marketers understand the need to use an SMTP relay, which routes email through a third-party server that is authorized to send.
• Authentication validation: Marketers frequently point to SPF, DKIM, and DMARC as crucial elements to check, as misconfigurations can lead to authentication failures and IP authorization issues.
• Sharing IP for diagnosis: Some suggest sharing the problematic IP address can help the community diagnose the specific issue or blocklist listing.

Key considerations

• ISP communication: Even if the ISP claims no policy changes, persistent communication is vital to understand why specific IPs in a pool might suddenly face authorization issues.
• Check all IP types: If using both IPv4 and IPv6, verify if the block affects one or both, and check SPF records for both protocols.
• Reverse DNS (PTR) records: Ensure that your mail server's IP address has a correctly configured Reverse DNS (PTR) record. A mismatch or absence of this record can cause 550 errors and unauthorized flags.
• Bulk sender tickets: For significant email volumes, consider opening a ticket with large email providers like Google if you are a bulk sender, although direct intervention for PBL issues is unlikely from them. For more, refer to our guide on Google Postmaster Tools.
• Email authentication: Marketers must understand that proper email authentication (SPF, DKIM, DMARC) is essential for email deliverability, especially when troubleshooting IP authorization problems. Incorrect SPF configurations can lead to errors such as SPF unauthorized mail is prohibited.

Key opinions

• Policy-based rejections: Experts confirm that PBLs are lists of IPs whose direct mail sending is prohibited by the owning ISP's policy. Receivers, like Google, honor these policies.
• ISP control: It is unequivocally stated that only the ISP can resolve issues related to PBL listings or general IP authorization for their allocated IP ranges.
• Authentication importance: Proper SPF, DKIM, and DMARC setup is paramount for email authorization. Lack of proper alignment is a common cause of such rejections. Our guide on email authentication offers more insights.
• Relay usage: When direct sending is not permitted, using an SMTP relay is the correct technical approach, as it ensures mail is sent via an authorized path.
• Proactive monitoring: Experts advise constant monitoring of sending IPs for blocklist listings and reputation degradation to prevent sudden deliverability outages. Utilize a blocklist checker.

Key considerations

• ISP communication strategy: Prepare specific questions for your ISP, including asking for confirmation on whether the IP is designated for direct mail sending or if it is indeed on a PBL.
• Understand PBL purpose: Recognize that PBLs are not traditional spam blacklists; they are policy lists. This distinction is crucial when discussing with your ISP.
• Review log messages: Analyze the full error message for clues, such as specific reference codes or URLs provided by the recipient server, as these can guide troubleshooting.
• Long-term solutions: If using dedicated IPs, implement consistent sending practices and monitor reputation to prevent future blocklistings and authorization issues. See why your dedicated IPs are blocked.

Key findings

• ISP authority: Documentation from Google states that the ISP providing the IP address is responsible for determining whether it is authorized to send mail directly.
• SMTP relay guidance: The common resolution provided is to use an SMTP relay service from the internet service provider, rather than attempting to send directly from a potentially policy-blocked IP.
• Spamhaus PBL relevance: Information suggests that Google (and others) may reject emails from IPs listed in the Spamhaus database, specifically mentioning the PBL as a frequent cause for this type of unauthorized error.
• Authentication checks: Documentation indicates that proper email authentication (SPF, DKIM, DMARC) is essential for mail to be accepted, and failures can result in rejection messages like 'not authorized'.
• Reverse DNS (PTR) importance: Absence or mismatch of a PTR record for the mail server's IP address is a documented reason for 550 errors and unauthorized sender rejections.

Key considerations

• Verify SPF record: Ensure your SPF record correctly lists all IP addresses and hostnames authorized to send emails for your domain. An incorrect or missing SPF record is a common cause of 'SPF fail - not authorized send' errors.
• Check email error codes: The '550-5.7.1' error code is specific and points to sender policy issues. Understanding these codes helps in diagnosing the problem. Documentation often provides a library of such errors.
• ISP communication protocol: Official advice emphasizes that direct engagement with your ISP is the correct route for resolving PBL issues or unauthorized IP status, as external mail providers cannot override these policies.
• Ongoing monitoring: Documentation implicitly encourages continuous monitoring of IP status and deliverability metrics, often suggesting tools like Postmaster Tools.