Troubleshooting Guides

"Relay Access Denied" SMTP Errors and Fixes

Fix relay access denied SMTP errors caused by missing authentication, wrong SMTP server, wrong port, mail routing issues or application email misconfiguration.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 8 min read Intermediate

Introduction

"Relay access denied" is a common SMTP error when a mail server refuses to send a message on behalf of a sender. The server is protecting itself from being used as an open relay — a system that forwards mail for anyone on the internet.

This error usually appears when a website, app, mailbox or script tries to send email through a server without proper authentication, from an IP that is not allowed, or with settings that do not match the provider's outbound mail policy.

Quick answer

Quick answer

Relay access denied means the SMTP server will not send mail for you unless you authenticate correctly or connect from an allowed network. Fix it by using your provider's authenticated SMTP host, valid username and password, correct port and encryption, a proper From address, and SPF/DKIM/DMARC that match the real sending service.

What relay access denied means

SMTP relay is the process of handing a message to an outbound mail server so it can deliver the message to the recipient's mail host. Most providers only allow relay for authenticated users or trusted local services.

Typical error messages include:

  • 550 5.7.1 Relay access denied
  • 554 5.7.1 Relaying denied
  • 530 5.7.0 Authentication required
  • Client host rejected: Access denied
  • Must authenticate before sending mail

Common causes:

  • SMTP authentication is disabled or missing
  • Wrong SMTP username or password
  • Using PHP mail() or local sendmail without authentication
  • Connecting to the wrong outbound server or port
  • Sending from an IP that is not allowed to relay
  • From address does not match authenticated mailbox policy
  • Hosting provider blocks outbound SMTP from scripts
  • TLS/SSL mode does not match server requirements
  • Mail client configured for inbound server instead of submission server
  • App uses old credentials after a mailbox password change

Relay denied is usually an outbound SMTP configuration problem. MX records mainly control inbound mail delivery, but checking MX helps confirm you are using the right provider and mail infrastructure.

Do not disable relay protection on a public mail server. Fix authentication and sender policy instead.

Why this matters

Why this matters

If relay is denied, messages from contact forms, order notifications, password resets and business mail never leave the server. The failure may appear only in logs or bounce messages, so users think email works when it does not.

Fixing relay settings also improves deliverability because authenticated SMTP usually aligns better with SPF, DKIM and DMARC than unauthenticated local mail.

How to check SMTP relay settings

Start by confirming which mail provider handles your domain and whether outbound SMTP settings match that provider.

  1. MX records — Confirm which provider receives mail for the domain.
  2. SMTP host — Verify you use the provider's submission server, not a random relay host.
  3. Authentication — Confirm username, password and SMTP auth are enabled.
  4. Port and encryption — Test 587 STARTTLS or 465 SSL as documented by the provider.
  5. From address — Use a mailbox or sender allowed by the provider.
  6. App or plugin settings — Check WordPress SMTP, CRM, billing or form plugin configuration.
  7. Server logs — Review mail log or plugin error output for the exact SMTP response.
  8. SPF/DKIM/DMARC — Confirm DNS authorizes the real sending service after relay is fixed.

Check mail routing and DNS

Use MX Lookup to confirm which mail servers receive email for your domain and whether outbound settings match your provider.

Run MX Lookup →

Common problems

SMTP authentication disabled

High

The app or mail client tries to send without logging in to the outbound server.

Next step: Enable SMTP authentication and provide valid credentials.

Wrong SMTP username or password

High

Credentials are outdated, mistyped or use the wrong mailbox format.

Next step: Reset the mailbox password and update the app with the full SMTP username.

PHP mail() used instead of SMTP

High

The website sends through local server mail without authenticated relay rights.

Next step: Configure authenticated SMTP in WordPress or your application.

Wrong outbound server hostname

High

The client points to an inbound MX host or unrelated relay server.

Next step: Use the provider's documented SMTP submission hostname.

Wrong port or encryption mode

Medium

The server expects STARTTLS on 587 but the client uses plain text or the wrong SSL mode.

Next step: Match port, TLS and encryption settings to provider documentation.

From address not allowed

Medium

The message uses a From domain or address the authenticated user cannot send as.

Next step: Send from the authenticated mailbox or configure permitted send-as addresses.

Hosting blocks outbound SMTP

Medium

The host restricts script mail or blocks external SMTP ports.

Next step: Use the host's SMTP relay or a transactional email API/SMTP service.

IP not permitted to relay

Medium

The server only allows relay from localhost or specific networks.

Next step: Send through authenticated submission or ask the provider to allow the app server IP if supported.

Contact form spoofs visitor address

Medium

The form sets the visitor's email as From, which the server rejects.

Next step: Use your domain as From and the visitor address as Reply-To.

DNS authentication not aligned

Low

Relay may work after changes, but SPF/DKIM/DMARC still fail for the real sender.

Next step: Update SPF, enable DKIM and publish DMARC for the sending service.

How to fix relay access denied

  1. Step 1: Capture the exact SMTP error

    Copy the full response from mail logs, plugin test output or a telnet/OpenSSL SMTP test.

  2. Step 2: Identify the sending method

    Check whether mail is sent via PHP mail(), local sendmail, webmail SMTP or an external provider.

  3. Step 3: Use the provider SMTP host

    Configure the documented submission server for your host, workspace or transactional provider.

  4. Step 4: Enable authentication

    Turn on SMTP auth and enter the correct mailbox username and password or API credentials.

  5. Step 5: Set port and encryption correctly

    Use 587 with STARTTLS or 465 with SSL/TLS according to provider instructions.

  6. Step 6: Fix the From address

    Send from an allowed domain address and use Reply-To for visitor replies where needed.

  7. Step 7: Send a test message

    Use the mail client or plugin test feature and confirm the server accepts the message.

  8. Step 8: Verify SPF, DKIM and DMARC

    Update DNS so the authenticated sender is authorized and messages pass authentication checks.

SMTP relay examples

Good vs bad SMTP submission setup
Bad setup (often causes relay denied):

Method: PHP mail() / local sendmail
SMTP host: not configured
Authentication: none
From: visitor@otherdomain.com

Result:
550 5.7.1 Relay access denied

Good setup:

SMTP host: mail.example.com
Port: 587
Encryption: STARTTLS
Authentication: enabled
Username: no-reply@example.com
Password: mailbox or app password
From: Website <no-reply@example.com>
Reply-To: visitor@otherdomain.com

SPF includes the real sending service
DKIM enabled for example.com

Result:
Message accepted by SMTP server

Example authenticated SMTP settings:

Host: smtp.example.com
Port: 587
Security: STARTTLS
Username: no-reply@example.com
Password: app-specific password

Examples are illustrative. Replace hostnames, ports and credentials with values from your mail provider or hosting documentation.

Frequently asked questions

What does "relay access denied" mean in SMTP?

The mail server refused to send the message because the sender is not allowed to relay mail through that server. This is usually an authentication or authorization problem, not a DNS typo.

Is relay access denied the same as SPF fail?

No. Relay access denied happens during SMTP submission before the message is accepted. SPF fail happens later when the receiving server checks whether the sending IP is authorized in DNS.

Why does my contact form get relay denied errors?

The website may be trying to send through the local server without SMTP authentication, or it is using the wrong outbound host, port or credentials.

Do I need SMTP authentication to send mail?

In most cases, yes. Public mail servers block unauthenticated relay to prevent spam. Use your provider's SMTP host, port, username and password.

Can wrong From address cause relay denied?

Sometimes. Some servers reject messages when the From domain does not match the authenticated mailbox or allowed sender policy.

Which SMTP port should I use?

587 with STARTTLS is common for authenticated submission. Port 465 with SSL/TLS also works on many hosts. Avoid port 25 for client submission unless your provider requires it.

When should I use a transactional email provider?

Use one when website forms, apps or scripts need reliable authenticated sending and your hosting SMTP is restricted, throttled or hard to configure.

Use these free tools to verify your configuration after applying changes.

Browse all Troubleshooting guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.