Knowledge Base

Emails are not sent (550 5.1.8 Access denied, bad outbound sender)

Problem:

When a user sends an email, it does not reach the recipient, and this user gets a non-delivery report with the following error:

550 5.1.8 Access denied, bad outbound sender AS(41000001)
Your message couldn't be delivered because you weren't recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it's no longer allowed to send messages outside of your organization. Contact your email admin for assistance.

Solution:

This error means that Office 365 (Microsoft 365) has added the user to the blocked senders' list because this person's emails have been recognized as spam. This might happen, for example, if the user has sent an email to a large number of recipients, exceeding the limits of the Office 365 plan (you can check the Office 365 sending limits for individual recipients and distribution groups in this Microsoft's article).

To solve this problem, the admin of the Office 365 tenant needs to:

  • Make sure that the user account has not been hacked or compromised in any way. See this MS article to learn more, or check these guidelines for admins.
  • If the tenant admin is certain that the account is safe, they need to follow these steps to remove the account from the block list and resume its mail flow:
  1. Log in to the Microsoft Defender XDR (Microsoft 365 Defender) portal.
  2. Go to Email & collaboration > Review > Restricted Entities, as shown in Fig. 1.

Accessing the list of blocked users in the Microsoft Defender XDR portal.
Fig. 1. Accessing the list of blocked users in the Microsoft Defender XDR portal.

  1. Select the entry related to the user you want to whitelist by clicking it and next click Unblock (Fig. 2.).

Choosing the entry with the user’s account you want to remove from the block list.
Fig. 2. Choosing the entry with the user’s account you want to remove from the block list.

  1. The Unblock User wizard that opens contains detailed information on the reason for blocking the account as well as recommendations for actions and improving the protection level. Since you’re certain that the user’s account is safe, you can proceed by clicking Next > Submit.
  2. Finally, click Yes to confirm that you want to remove restrictions from the user (Fig. 3.). Keep in mind that removing the restrictions may take up to 1 hour.

Confirming the removal of restrictions.
Fig. 3. Confirming the removal of restrictions.

Tip

Office 365 can notify you when your users get blocked. It can also forward all suspicious emails to your mailbox. To configure these options, go to Email & collaboration > Policies & rules > Threat policies > Anti-spam and click the policy of your choice. Next, scroll down and click Edit protection settings. Now, you can enable the options (Fig. 4., items 1) and provide your email address in both the fields (Fig. 4., items 2) to receive notifications as well as suspicious emails.

Configuring Office 365 to notify you of blocked users and forward all suspicious emails to your mailbox.
Fig. 4. Configuring Office 365 to notify you of blocked users and forward all suspicious emails to your mailbox.

Troubleshooting

If the list of restricted users is empty but the user’s emails are still blocked, it may mean that the default outbound spam policy in the Microsoft 365 Defender admin center comes into play, locking the user who exceeds its message count limit out.

There’s no way for an admin to add an exception (the affected user) to the default policy named Anti-spam outbound policy (Default) because the policy is applied organization-wide using the setting configured for the Restriction placed on users who reach the message limit option (see Fig. 6.). Instead, the admin can increase global message limits to appropriate value(s) that will prevent the user from being blocked.

Warning

Remember to increase the limits with care. Setting limits too high may cause your domain to be blacklisted and lose reputation for sending too many emails.

  1. Open the Anti-spam policies page by clicking this link (you may be required to log in with your admin account).
  2. Select Anti-spam outbound policy (Default).
  3. In the pane that opens, click Edit protection settings (Fig. 5.).

Accessing default anti-spam outbound policy settings.
Fig. 5. Accessing default anti-spam outbound policy settings.

  1. Enter a higher value of external, internal, or daily message limit, depending on which one applies to the affected (restricted) user (Fig. 6.). The maximum value for each field is 10000.

Tip

It might be a good idea to ask the affected user how many emails they (intend to) send externally, internally or daily on average. That way, you can avoid setting the values to an unnecessary high level, which can be potentially risky for your domain’s reputation.

Message limit settings.
Fig. 6. Message limit settings.

Was this information useful?