Email bounces fall into two categories with completely different operational responses: hard bounces (permanent failures) require immediate and permanent suppression; soft bounces (temporary failures) require intelligent retry logic. Getting this classification wrong in either direction damages deliverability — suppressing too aggressively removes valid addresses from your list, suppressing too loosely sends to invalid addresses that damage IP reputation and generate spam trap hits.

5.XX
hard bounce — permanent, remove immediately
4.XX
soft bounce — retry up to 72h then suppress
2%
max hard bounce before ISP throttling starts
0.5%
recommended max soft bounce rate per campaign

Inbox Placement vs Hard Bounce Rate — ISP Response Curve

95%< 0.5%82%0.5-1%61%1-2%38%2-3%18%3-5%4%> 5%

Hard Bounces vs Soft Bounces: The Fundamental Distinction

Hard bounce (permanent failure): The destination mail server definitively rejected the message with a 5xx SMTP error indicating the address, domain, or policy is permanently invalid. Examples: the email address doesn't exist, the domain has no MX records, the receiving server has a permanent policy block. Action: suppress immediately and permanently. Never retry.

Soft bounce (temporary failure): The destination mail server rejected the message with a 4xx SMTP error indicating a temporary condition. Examples: mailbox full, server temporarily unavailable, rate limit exceeded. Action: retry on a backoff schedule. After multiple consecutive soft bounces over 5–7 days, convert to suppression.

The distinction is encoded in the SMTP response code prefix: 5xx = permanent, 4xx = temporary.

SMTP Error Code Taxonomy

SMTP error codes follow a three-digit format (XYZ) where the first digit indicates permanent (5) or temporary (4) failure, the second indicates the general category, and the third provides detail.

CodeTypeMeaningAction
550 5.1.1HardUser or mailbox not foundRemove immediately
550 5.1.2HardDomain does not exist / DNS failRemove + check domain validity
550 5.7.1HardPolicy block / auth failureFix auth, then re-evaluate
452 4.2.2SoftRecipient mailbox fullRetry after 24h, max 3 attempts
421 4.7.0SoftToo many connections / rate limitThrottle send rate, exponential back-off
450 4.1.1SoftTemporary failure — greylistedRetry after 5 min then 30 min
421 TS02Yahoo softComplaint rate too highReduce volume 50%, suppress complainers
554 5.7.1HardBlacklisted IP or domainCheck Spamhaus/Barracuda, submit delisting

5xx hard bounce codes

# 5.1.1 — Bad destination mailbox address (address doesn't exist)
550 5.1.1 The email account that you tried to reach does not exist.

# 5.1.2 — Bad destination mailbox address domain (domain doesn't exist/have MX)
550 5.1.2 We weren't able to find the recipient domain.

# 5.1.3 — Bad destination mailbox address syntax (malformed address)
550 5.1.3 The address format is illegal.

# 5.4.1 — No answer from host (domain exists but not accepting email)
550 5.4.1 Recipient address rejected: Access denied.

# 5.7.1 — Delivery not authorised (policy block)
550 5.7.1 [x.x.x.x] The IP address sending this message does not have a
  good reputation.

# 5.7.26 — Gmail authentication failure
550 5.7.26 This message does not have authentication information.

# 5.7.28 — Gmail new sender policy
550 5.7.28 The SMTP server requires that you authenticate via a security
  policy set by the domain owner.

# 5.7.515 — Microsoft authentication failure (May 2025)
550 5.7.515 Access denied, sending domain does not meet authentication standards.

4xx soft bounce codes

# 4.2.1 — Mailbox busy or temporarily unavailable
421 4.2.1 The user you are trying to contact is receiving mail too quickly.

# 4.2.2 — Mailbox full
452 4.2.2 Your message exceeded Google's message size limits.

# 4.3.0 — Mail system full (infrastructure issue)
421 4.3.0 Please try again later.

# 4.4.2 — Connection dropped or timed out
421 4.4.2 Connection reset. j8si12345678.

# 4.7.0 — Security policy (Gmail rate limiting)
421 4.7.0 [IP] Our system has detected an unusual rate of unsolicited mail.

# 4.7.650 — Microsoft reputation throttling
421 4.7.650 The mail server [IP] has exceeded the maximum number of
  connections.

# TS01 — Yahoo complaint rate throttling
421 4.7.1 [TS01] Messages from x.x.x.x temporarily deferred due to user complaints.

ISP-Specific Error Codes That Matter

Gmail diagnostic codes

  • 5.7.26 — Authentication missing or failing. Fix SPF/DKIM/DMARC before any other action.
  • 4.7.0 (421) — Rate limiting due to unusual volume or complaint patterns. Back off; do not retry aggressively.
  • 5.7.1 with "Unsolicited mail" — Spam classification. Content or reputation issue.
  • 4.2.1 — Per-user rate limit (sending too many messages to a single Gmail address too fast)

Microsoft Outlook codes

  • 5.7.515 — Authentication failure (May 2025 requirement). Hard bounce — authentication is required to fix before retrying.
  • 5.7.606 — IP block listed in Microsoft's blocklist. Submit to sender.office.com for review.
  • 4.7.650 (421) — Connection rate exceeded. Reduce concurrent connections to Microsoft MXs.
  • 5.7.1 with "blocked" — IP is on Microsoft's internal blocklist. Use sender.office.com removal portal.

Yahoo/AOL codes

  • TS01 (421) — Complaint rate too high. Reduce sending, process FBL complaints, segment to engaged only.
  • TS02 (421) — IP reputation generally poor. Reputation improvement required.
  • TS03 (421) — Connection rate exceeded. Not a reputation issue — reduce concurrent connections to Yahoo MXs.
  • 554 delivery error — Permanent Yahoo rejection. Usually indicates the specific mailbox is full or deactivated.

Bounce Classification Logic

Automated bounce processing requires classification logic that maps SMTP codes to operational actions:

# Classification rules (PowerMTA bounce-action format)
# Hard suppress: definitive non-existent address
5.1.1 → suppress permanently (bad-mailbox)
5.1.2 → suppress permanently (bad-domain)
5.1.3 → suppress permanently (bad-syntax)
5.4.1 → investigate (may be temporary block or permanent policy)

# Policy blocks: investigate before suppressing
5.7.1 → flag for review (policy, may resolve with reputation improvement)
5.7.26 → fix authentication, not a list issue — do not suppress the address
5.7.515 → fix authentication — do not suppress

# Soft bounce: retry with backoff
4.x.x → retry every 4 hours, max 3 days; convert to soft-suppress after 3 days

# TS codes: rate limit, not list issue
4.7.1 TS01/TS02/TS03 → retry after ISP-specified delay; do not suppress

Suppression Policies: What to Suppress and When

Immediate permanent suppression: Any 5.1.1, 5.1.2, 5.1.3, or 5.1.6 response — these definitively mean the address is invalid. Suppress on first occurrence.

Soft-suppress after extended soft bouncing: An address that generates 4xx soft bounces for more than 5 consecutive days should be soft-suppressed (removed from regular sends, re-tested monthly). If a monthly test still produces soft bounces for 60 days, convert to permanent suppression.

FBL complaint suppression: Immediate and permanent on first complaint receipt. No exceptions, no evaluation of whether the complaint was "fair."

Manual unsubscribe: Process within 10 business days (CAN-SPAM) or immediately (best practice). Add to global suppression list, not just a single campaign exclusion.

Do NOT suppress for: 421 TS-code throttling, 4.7.0 Gmail rate limiting, authentication-related 5.7.x codes (these indicate your infrastructure problem, not an invalid address), or one-time 4xx temporary failures.

Bounce Rate Thresholds by ISP

ISP / ProviderHard bounce threshold (action)Notes
Gmail PostmasterNo published hard bounce limit; monitors via spam rate + engagementHigh bounce rate reduces domain reputation indirectly
MicrosoftInternal threshold; above 2% triggers enhanced filteringVisible in SNDS data
Mailchimp (ESP)Suspends account above 3% hard bounce rateESP policies vary but 2–5% is typical trigger
Best practiceBelow 0.5% hard bounce rate per campaignAnything above 2% indicates list quality problem requiring investigation

Bounce Handling in PowerMTA and Postfix

# PowerMTA: bounce-action rules in /etc/pmta/config
<bounce-action>
  type permanent          # Hard bounce
  match bad-mailbox bad-domain routing-errors
  action suppress         # Add to suppression list automatically
</bounce-action>

<bounce-action>
  type transient          # Soft bounce
  match quota-issues
  action retry
  retry-after 4h
  max-tries 18            # ~3 days at 4-hour intervals
</bounce-action>

<bounce-action>
  type transient
  match spam-related
  action retry
  retry-after 6h
  max-tries 12            # 3 days at 6-hour intervals
  # If still failing after 12 tries, message is held
</bounce-action>
# Postfix: soft bounce behaviour (main.cf)
# Retry interval for deferred messages
minimal_backoff_time = 300s    # 5 minutes minimum
maximal_backoff_time = 4000s   # ~67 minutes maximum

# Maximum time to keep trying before bouncing sender
maximal_queue_lifetime = 3d    # Bounce after 3 days of failures

# Soft bounce classification (prevents hard bounce on temp errors)
soft_bounce = no    # Set yes only in testing environments