Summary: "Relaying denied" is an obscure error you may receive in a bounce message. We'll look at what relaying is, and why it might be denied.
I hope you might be able to help with the following problem. When attempting to send email from 'Outlook Express' the error message "The message could not be sent because one of the recipients was rejected by the server. Relaying denied. Proper authentication required.'"
What does that mean, and how do I fix it?
•
To understand what situations can result in this error, and thus how or if we can solve them, we need to look at exactly how email gets from your computer to its recipient.
It can be a short trip, or a lengthy one, depending on a number of factors.
And one of those factors is the relay.
•
When you send mail using the email program on your PC to someone else, in your mind you probably have a picture like this:
You send email, magic happens as it goes out on to the internet, and your recipient downloads it.
We need to look a little more closely at that magic.
In reality the process is more like this:
When you send a message it's actually a multi-step process:
-
Your email program contacts your ISP's email server (or the server of whatever email provider you use) and sends that message to that server, typically using SMTP, the "Simple Mail Transport Protocol".
-
Your ISP's email server then looks at the domain (the part after the "@" in an email address) of your intended recipient, and looks up the server out on the internet that is responsible for handling that domain's email. (The "MX" record in the Domain Naming System or DNS).
-
Your ISP's email server then contacts that server directly, and once again using the SMTP protocol sends the email on.
-
The receiving server, because it handles email for the recipient's domain, accepts the email, examines the email name (the part before the "@") and places the message into a mailbox for that email name.
-
Your recipient eventually downloads email, typically using the POP3 or IMAP protocols, and the email arrives on their machine.
That's what happens most of the time.
Now, the email system - like the internet itself - is designed to be both flexible and robust. The scenario above assumes that any ISP's email server can connect to any other ISP's email server directly across the internet to deliver email.
Sometimes that's not possible. A middle-man gets involved.
The job of that server is to accept email from a server on one side, and pass it on to a server on the other.
In other words to "relay" that email.
In fact, in the first scenario above without the middle man, your ISP's email server is acting as a relay as well; it's accepting mail on one side (from you) and sending it on to another (the recipient's server).
Any email server that accepts email for a domain simply for the purposes of forwarding that email on to another email server is a relay.
Now, this is where spam, or rather spam prevention, starts to complicate things.
When you send email through your ISP, you "authenticate" as you send - meaning that your ISP knows who you are, and that you have the authority to send email to anyone through the server.
When your ISP's server contacts the recipient's server it does not authenticate. The receiving server looks at the destination of the email, knows that it's for an email address on a domain that it manages, and therefore knows that it is supposed to accept email for that domain.
Each server in the path accepts the email either because the sender has authenticated and is allowed to send anything, or because the server handles the email for the specific recipient.
So, what happens if some random server tries to deliver mail to a server on which it has no authorization, and for which that server does NOT handle the email for the intended recipient?
You guessed it ... relay denied.
When an email server receives an email then:
-
if the sender of an email has not been authenticated to send mail
and
-
if the recipient of that email is not handled by that server
it's considered a request to relay that message on to its final destination.
A server that would accept email from just anyone, and forward it on as needed is called an "open relay", meaning anyone could use it without accountability. In other words - spammers.
Most servers deny relays specifically for the purposes of preventing spam. Open relays were once commonplace, and a convenient way to simply connect up and send email. Today an open relay is considered a serious security hole, as it allows spammers unfettered access to send their junk.
So, what do YOU do if you get the "Relaying Denied" message in response to something you sent?
|
In reality, the vast majority of "relaying denied" messages today are due to email server misconfigurations over which you have no control. When email starts to fail server administrators often hear about it pretty quickly, and move to fix whatever has caused the issue. Trying again in a few hours, or a few days, is often the most effective solution.
Related:
-
Why does email bounce? Email can bounce for many reasons. I'll look at several of the most common mail bounce messages, and try to interpret what they really mean.
-
Why can't I send mail from my hotel room? Spam may be to blame if you can't send email from your hotel room.
-
What is POP? Or POP3? Or a POP account? And what about SMTP? POP, POP3 and SMTP are all acronyms that you might see used when talking about configuring email. We'll look at what they mean, and how they relate.
Article C3891 - October 7, 2009
I loved your first diagram and laughed as it came up. 'magic happens' [like Rumsfeld's 'stuff happens'] describes so much of what hasppens in life, not just in computing.Much of medical pratice and therapy is covered by 'magic happens'.
Posted by: Dr. Raphael Eban at October 13, 2009 10:07 AMLeo, there's actually another step early in the authentication process that can cause this error, and it's one often encountered by business traveleres like me. My e-mail is provided by RoadRunner, and when I'm home, I'm physically connected to the RoadRunner network domain and everything is fine. When I travel, however, I'm connected to either a hotel's or client's network, or in some cases a public (wireless) network.
So, the first thing the RoadRunner servers do is to authenticate the server I'm physically connected to. The RoadRunner servers will start by determining if they will "trust" the server I'm connected to; that can fail if the server I'm on doesn't meet the minimum level of security protocols (this is usually a maintenance issue with a hotel's network). (The figures above could be updated to add this "connection domain" server between your computer and the SMTP server.)
Sometimes I can work around this by changing my outbound settings to "log on to inbound server before sending mail". If that doesn't work, I contact the hotel network provider's support number and ask for the IP address of their SMTP server. (If you do change the SMTP server while on the road, set an outlook reminder to change it back when you get home.)
This solves the first half of the authentication problem (denial by your usual SMTP server), though your recipient's servers may still deny relaying from the hotel's SMTP server. In that case, there's always your ISPs web mail option (BCC yourself to get a copy to save in Sent Mail).
Finally, if you consistently have problems with one hotel's (or hotel chain's) network, bug them to keep their servers up to date!
div class="leocomment">There's another hotel related scenario as well: Why can't I send mail from my hotel room?
14-Oct-2009
Hello Leo!
Posted by: Viggo at October 13, 2009 1:55 PMThks for a very good explanation about what really happens when sending an e-mail. An image is worth a thousand words - once again proved to be true.
Wonderful work!
Viggo.
Hello Leo!
Posted by: David at October 19, 2009 12:44 AMI really find Good and helping answers from you everytime I visit your site. Especially the "relaying denied" The explanation is weel done that even a blind person can understand. Thks