Helping people with computers... one answer at a time.

"Relaying denied" is an obscure error you may receive in a bounce message. We'll look at what relaying is, and why it might be denied.

I hope you might be able to help with the following problem. When attempting to send email from 'Outlook Express' the error message "The message could not be sent because one of the recipients was rejected by the server. Relaying denied. Proper authentication required.'"

What does that mean, and how do I fix it?

To understand what situations can result in this error, and thus how or if we can solve them, we need to look at exactly how email gets from your computer to its recipient.

It can be a short trip, or a lengthy one, depending on a number of factors.

And one of those factors is the relay.

When you send mail using the email program on your PC to someone else, in your mind you probably have a picture like this:

Conceptual diagram of email being sent on the internet

You send email, magic happens as it goes out on to the internet, and your recipient downloads it.

We need to look a little more closely at that magic.

In reality the process is more like this:

Email being sent, showing servers

When you send a message it's actually a multi-step process:

  • Your email program contacts your ISP's email server (or the server of whatever email provider you use) and sends that message to that server, typically using SMTP, the "Simple Mail Transport Protocol".

  • Your ISP's email server then looks at the domain (the part after the "@" in an email address) of your intended recipient, and looks up the server out on the internet that is responsible for handling that domain's email. (The "MX" record in the Domain Naming System or DNS).

  • Your ISP's email server then contacts that server directly, and once again using the SMTP protocol sends the email on.

  • The receiving server, because it handles email for the recipient's domain, accepts the email, examines the email name (the part before the "@") and places the message into a mailbox for that email name.

  • Your recipient eventually downloads email, typically using the POP3 or IMAP protocols, and the email arrives on their machine.

That's what happens most of the time.

Now, the email system - like the internet itself - is designed to be both flexible and robust. The scenario above assumes that any ISP's email server can connect to any other ISP's email server directly across the internet to deliver email.

Sometimes that's not possible. A middle-man gets involved.

Email being sent, through a relay

The job of that server is to accept email from a server on one side, and pass it on to a server on the other.

In other words to "relay" that email.

In fact, in the first scenario above without the middle man, your ISP's email server is acting as a relay as well; it's accepting mail on one side (from you) and sending it on to another (the recipient's server).

Any email server that accepts email for a domain simply for the purposes of forwarding that email on to another email server is a relay.

Now, this is where spam, or rather spam prevention, starts to complicate things.

When you send email through your ISP, you "authenticate" as you send - meaning that your ISP knows who you are, and that you have the authority to send email to anyone through the server.

When your ISP's server contacts the recipient's server it does not authenticate. The receiving server looks at the destination of the email, knows that it's for an email address on a domain that it manages, and therefore knows that it is supposed to accept email for that domain.

Email being sent, showing why it's accepted

Each server in the path accepts the email either because the sender has authenticated and is allowed to send anything, or because the server handles the email for the specific recipient.

So, what happens if some random server tries to deliver mail to a server on which it has no authorization, and for which that server does NOT handle the email for the intended recipient?

Relaying Denied

You guessed it ... relay denied.

When an email server receives an email then:

  • if the sender of an email has not been authenticated to send mail

and

  • if the recipient of that email is not handled by that server

it's considered a request to relay that message on to its final destination.

A server that would accept email from just anyone, and forward it on as needed is called an "open relay", meaning anyone could use it without accountability. In other words - spammers.

Most servers deny relays specifically for the purposes of preventing spam. Open relays were once commonplace, and a convenient way to simply connect up and send email. Today an open relay is considered a serious security hole, as it allows spammers unfettered access to send their junk.

So, what do YOU do if you get the "Relaying Denied" message in response to something you sent?

  • Double check your own email program's configuration, making sure you're authenticating properly according to your ISP's instructions in order to be able to send email.

  • Double check the email address you're sending to, making sure that it's correct.

  • Try again later.

In reality, the vast majority of "relaying denied" messages today are due to email server misconfigurations over which you have no control. When email starts to fail server administrators often hear about it pretty quickly, and move to fix whatever has caused the issue. Trying again in a few hours, or a few days, is often the most effective solution.

Article C3891 - October 7, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

10 Comments
Dr. Raphael Eban
October 13, 2009 10:07 AM

I loved your first diagram and laughed as it came up. 'magic happens' [like Rumsfeld's 'stuff happens'] describes so much of what hasppens in life, not just in computing.Much of medical pratice and therapy is covered by 'magic happens'.

Jeff in Tampa
October 13, 2009 10:14 AM

Leo, there's actually another step early in the authentication process that can cause this error, and it's one often encountered by business traveleres like me. My e-mail is provided by RoadRunner, and when I'm home, I'm physically connected to the RoadRunner network domain and everything is fine. When I travel, however, I'm connected to either a hotel's or client's network, or in some cases a public (wireless) network.

So, the first thing the RoadRunner servers do is to authenticate the server I'm physically connected to. The RoadRunner servers will start by determining if they will "trust" the server I'm connected to; that can fail if the server I'm on doesn't meet the minimum level of security protocols (this is usually a maintenance issue with a hotel's network). (The figures above could be updated to add this "connection domain" server between your computer and the SMTP server.)

Sometimes I can work around this by changing my outbound settings to "log on to inbound server before sending mail". If that doesn't work, I contact the hotel network provider's support number and ask for the IP address of their SMTP server. (If you do change the SMTP server while on the road, set an outlook reminder to change it back when you get home.)

This solves the first half of the authentication problem (denial by your usual SMTP server), though your recipient's servers may still deny relaying from the hotel's SMTP server. In that case, there's always your ISPs web mail option (BCC yourself to get a copy to save in Sent Mail).

Finally, if you consistently have problems with one hotel's (or hotel chain's) network, bug them to keep their servers up to date!

div class="leocomment">There's another hotel related scenario as well: Why can't I send mail from my hotel room?

Leo
14-Oct-2009

Viggo
October 13, 2009 1:55 PM

Hello Leo!
Thks for a very good explanation about what really happens when sending an e-mail. An image is worth a thousand words - once again proved to be true.
Wonderful work!
Viggo.

David
October 19, 2009 12:44 AM

Hello Leo!
I really find Good and helping answers from you everytime I visit your site. Especially the "relaying denied" The explanation is weel done that even a blind person can understand. Thks

CISO
September 28, 2010 3:13 PM

See the comments at :

http://ask-leo.com/what_is_pop_or_pop3_or_a_pop_account_and_what_about_smtp.html

might give you more info about how to prevent unwanted Relay

George
January 5, 2011 7:38 PM

This is a good explanation. But, the problem is VERY inconvenient. It happens all too often for me. I think the ISP should take extra steps to make sure their customers do not have to go through this problem. I let my ISP know often when this error occurs.

Peter Malaysia
February 11, 2011 9:31 AM

Thanks for the clear explanation. As it says, "A picture tells a thousand words". I've already had this problem for a few days, checked numerous websites for solutions, talked to Microsoft staff (they wanted 90 Malaysian ringgit from me...of course I did not accept it), talked to my ISP provider staff, checked a few more websites, and finally hit the jackpot. Your clear explanation finally made sense and....presto! Problem solved. Thanks.

Gomoco
July 22, 2011 5:30 AM

sweet and straight to the point, i'm sure to be visiting this often

Vlad
April 22, 2012 5:49 AM

In the following relaying denied error:

Your message cannot be delivered to the following recipients:

Recipient address: contact@xxx.com
Reason: Remote SMTP server has rejected address
Diagnostic code: smtp;550 5.7.1 ... Relaying denied
Remote system: dns;mail.xxx.com (TCP|yy.yy.yy.yy|49953|xx.xx.xx.xx|25)

How can I tell which server exactly is rejecting the relaying? xx.xx.xx.xx is the IP address of the server where I am hosting the xxx.com domain, but I don't recognize the IP address yy.yy.yy. Pinging it times out and traceroute to it hangs on the 24th hop.

The domain xxx.com is registered with godaddy and hosted at xx.xx.xx.xx, with the zone file having (I believe) the correct settings taken from another domain hosted at xx.xx.xx.xx where mail delivery works properly.

Thank you.

Vlad

Vlad
April 22, 2012 10:03 AM

The solution in my case was to add xxx.com to local-host-names.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.