SMTP Error Reference

421 4.7.32

Gmail: suspicious account activity — sending account flagged

Gmail flagged the sending Google Workspace account itself (not the IP or domain) for suspicious activity. Mail is deferred until the account-quality signal clears or the account is reviewed.

Last updated: May 23, 2026


Overview

What 421 4.7.32 Means

What it means

421 4.7.32 is Gmail's account-quality deferral. The signal is about the sending account itself: login pattern, mailbox age, password-reset history, recent failed-login attempts, or activity that looks like a compromised credential. This is distinct from IP/domain reputation: Gmail believes the account behind the sending may have been hijacked.

Who you'll see it from

Google Workspace accounts sending through their own Google MX (smtp.gmail.com or aspmx.l.google.com). Less common for cold email sent through Workspace, but it does happen when Workspace is used as the outbound platform.

Why it happens

Common triggers: a recent unusual login (from an unfamiliar IP, country, or device); an account that was created very recently and immediately started sending bulk; a password reset followed by large volume; or sending to an unusual recipient profile (large volume to addresses with no prior interaction).

Resolution

How to Fix 421 4.7.32

  1. Check the Google Account Activity log

    Log into the affected Workspace account and visit myaccount.google.com/security. Review recent logins. If you see logins from IPs or countries you don't recognize, the account may genuinely be compromised — change the password and revoke active sessions before resuming.

  2. Reduce send volume from the account

    If the account is legitimate, the trigger is likely volume relative to account age or login pattern. Cap daily sends from this account at 50% of what triggered the deferral. Workspace accounts are not designed for cold-email-style bulk — the per-account ceiling is around 2,000 messages/day even when the account is fully trusted.

  3. Stop logging in from multiple geographies

    Cold email tools that connect via OAuth from data-center IPs cause exactly this signal: your account logs in from a residential IP one minute and from an Amazon EC2 IP the next. Pick one connection method (OAuth via your tool, or directly from your office IP) and stay consistent.

  4. Wait 24-48 hours for the signal to clear

    Account-quality signals are time-decayed. If you reduce volume and stop irregular logins, the deferrals stop within 1-2 days. Sustained volume without behavior change extends the deferral.

  5. Consider migrating to dedicated infrastructure

    Workspace was designed for human-paced email, not cold outreach. Even fully-trusted accounts hit account-quality friction when used for outbound at scale. The structural fix is moving cold sending off Workspace entirely and onto dedicated infrastructure with its own IP reputation. The Google Workspace migration guide (coldrelay.com/guides/how-to-migrate-from-google-workspace-to-dedicated-infra) walks through the path.
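To decide which accounts need the security-log review in step 1 and whether the 24-48 hour window in step 4 has been exceeded, the deferrals can be tallied per sending account from the outbound log. The following is an added example, not ColdRelay's or Google's code; the `sender=... reply="..."` log layout is a hypothetical format, and the sample lines are constructed with the reply text elided.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp sender=... reply=..." layout.
SAMPLE_LOG = """\
2026-05-20T09:01:12 sender=alice@example.com reply="250 2.0.0 OK"
2026-05-20T09:03:40 sender=bob@example.com reply="421 4.7.32 (text elided)"
2026-05-20T15:10:05 sender=bob@example.com reply="421 4.7.32 (text elided)"
2026-05-21T08:00:00 sender=carol@example.com reply="421 4.7.32 (text elided)"
2026-05-21T08:30:00 sender=alice@example.com reply="550 5.1.1 (text elided)"
2026-05-23T11:45:00 sender=carol@example.com reply="421 4.7.32 (text elided)"
2026-05-23T12:00:00 sender=dave@example.com reply="421 4.7.0 (text elided)"
malformed line without the expected fields
"""

# Basic reply code followed by the class.subject.detail enhanced status code.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) sender=(?P<sender>\S+) '
    r'reply="(?P<basic>\d{3})[ -](?P<enh>\d\.\d{1,3}\.\d{1,3})\b'
)
CLEAR_WINDOW = timedelta(hours=48)  # the page's upper bound for the signal to clear


def account_quality_deferrals(log_text):
    """Return {sender: {"count", "first", "last", "persisting"}} for 421 4.7.32."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Skip malformed lines and every reply that is not the account-quality code.
        if not m or (m["basic"], m["enh"]) != ("421", "4.7.32"):
            continue
        seen[m["sender"]].append(datetime.fromisoformat(m["ts"]))
    report = {}
    for sender, stamps in seen.items():
        first, last = min(stamps), max(stamps)
        # Deferrals spread over more than 48 hours mean the signal has not decayed.
        report[sender] = {"count": len(stamps), "first": first, "last": last,
                          "persisting": last - first > CLEAR_WINDOW}
    return report


if __name__ == "__main__":
    for sender, info in sorted(account_quality_deferrals(SAMPLE_LOG).items()):
        state = "past 48h, review account" if info["persisting"] else "within 48h"
        print(f'{sender}: {info["count"]} deferrals, {state}')
```

Every account that appears in the report is a candidate for the login review; the `persisting` flag only separates accounts whose deferrals are still inside the expected clearing window from those that are not.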

Cold email infrastructure

421 4.7.32 in the Cold Email Context

421 4.7.32 is the canonical sign that you've outgrown Workspace as a cold email platform. Workspace has hard ceilings (around 2,000 messages/day per account) and softer account-quality ceilings that kick in much earlier for accounts that look like they're sending bulk. The clean migration path is moving cold sending off Workspace and onto dedicated infrastructure. ColdRelay provisions purpose-built sending domains, dedicated IPs on isolated Azure tenants, and 4-send-per-mailbox-per-day discipline (2 outbound + 2 warmup) — none of which Workspace was designed to deliver. Workspace stays for your team's reply mailbox; cold sending moves to ColdRelay.

FAQ

Frequently Asked Questions

Was my Google account actually compromised?

Maybe, maybe not. The signal triggers on unusual patterns. Sometimes those are a genuine compromise, sometimes they're just cold-email tools connecting from data-center IPs. Check the security log to confirm. If you don't recognize the IPs, treat it as a compromise.

Will the deferred mail eventually deliver?

4.x.x codes are transient, so your sending platform retries. Most messages clear within 24-48 hours if you stop pushing volume. If the underlying account-quality signal doesn't clear, mail eventually fails as 5.x.x and bounces after 72 hours.

How long does account-quality recovery take?

Typically 1-2 weeks of normal, human-paced usage. Resume sending at 50 messages/day for a few days, then 100, then ramp up only after the deferrals stop. Resuming the bulk pattern within 24 hours of the trigger usually re-triggers the deferral.

Can I migrate the same domain to ColdRelay?

Yes. You move the MX record off Google, the domain's outbound is then handled by ColdRelay's dedicated infrastructure, and Workspace stays available for non-MX uses (Calendar, Drive, etc.) on the same domain via the *.coldrelay catch-all or a subdomain split. The migration guide details the DNS sequencing.
