Monitoring Rejected Messages

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 14Show Document
  • View in full screen mode

We reject messages that match certain criteria. For example they contain a virus signature, or are destined to a non-existent recipient. In these instances no email data is accepted by us, and the messages cannot be retrieved. With rejections, we send a rejection code to the sending mail server which sends a Non-Delivery Report (NDR) to the sender.


Rejected messages are displayed in the Rejection Viewer. Use this to troubleshoot failed inbound delivery attempts. The rejection information displayed details why we rejected a message, which can be for the reasons listed below. If a message is legitimate, you can use this information to address the issue, and ensure the message is delivered to the recipient on the next send attempt.


Using the Rejection Viewer


The Rejection Viewer lists all rejections for the current day, although rejection information is retained for seven days. The information includes the sender's address, recipient’s address, the sending mail server's IP address (known as the Triplet), the rejection type, and the rejection date / time.


Rejection_Properties.pngTo search for a failed email connection:

  1. Log on to the Administration Console.
  2. Select the Administration toolbar menu item.
  3. Select the Monitoring | Rejections menu item.
  4. Enter either the Email Address, Domain or IP Address in the search bar.
  5. Select the Search button. Any rejected messages are displayed.
  6. Select a message to view the Rejection Properties.


Common Rejection Types and Resolutions


Rejection TypeRejection Description
Rejection Resolution
IP found in RBLThe sending IP address is a known spammer, and is either listed in a block list, or the IP address has a poor reputation.Add the sender's details to a Permitted Senders policy, and remove the sender from the block list.
Sender failed to RetryApplied to unknown sending addresses, where the sending email server hasn't re-attempted delivery of the message within 12 hours.

The temporary fail check is part of the greylisting process. It can be bypassed by configuring an Auto Allow, Permitted Senders, or Greylisting policy.

Invalid Recipient AddressThe email address doesn't exist or is incorrect, so we cannot deliver the message.The sender must resend the message to a valid email address.
Virus Signature DetectedAn anti-virus signature has been triggered, and the message is categorized as malware.Anti-virus checks cannot be bypassed.
Spam Signature DetectedAn anti-spam definitions has been triggered. The message is only rejected if there's a very high content of spam words or phrases.Anti-spam checks can be bypassed using a Permitted Senders Policy.
Envelope Rejected / Manual Envelope RejectedA blocked sender policy has been triggered, which prevents the message from being accepted by us.Delete or modify the Blocked Senders Policy to exclude the sender's address.

Rejected by header based Blocked Senders – Block policy for Header From

Envelope Rejected – Block policy for Envelope from address

Rejected by header based manually Blocked Senders – block for manual block

A blocked sender policy has been triggered, which prevents the message from being accepted by us. The policy is configured to scan the Envelope or Header address, as described by the error code.

Anti-Spoofing Lockout - Inbound not allowed

An Anti-Spoofing Lockout policy has been triggered. It blocks inbound messages originating from an external source destined to the internal domain, where the external source is masquerading as an internal domain sender.

Create an Anti-Spoofing Policy to exclude the sender's address or IP address.

SMTP Code [Error Description]View the Mimecast SMTP Error Codes page for full details.Resolution is dependent on the recipient MTA.
Invalid Sender AddressThe sender address has been blocked by the next hop mail server.Normally due to Sender Callback Verification failing, and happens when <> (null addresses) are blocked.
IP Reputation PolicyThe sender's reputation has caused the rejection action.View the Connection Attempts page for further details.
Message Size Limit ReachedThe message size is too large to be accepted by us.An Email Size Limits Policies may be in effect.
To create an Auto Allow entry, ask the internal end user to send a message to the original sender, asking them to resend the message in question. When they do, it adds the recipient to the Auto Allow database. When the sender resends the message, it bypasses both reputation and spam scanning checks.


Troubleshooting Failed Email Delivery


When troubleshooting failed or delayed messages, we recommend using Tracking. This searches all our viewers and queues, and displays where the message attempt is logged and if it has been accepted and archived. If a message is rejected, you can select the entry to view additional information in the Rejection Viewer.


See Also...


2 people found this helpful