What 553 Means
Per RFC 5321, 553 'mailbox name not allowed' indicates the receiver refused to accept mail from the sender address as specified. The bare 553 (without enhanced status code) is the legacy form; modern receivers usually pair it with an enhanced code like 5.1.8 (sender address syntax) or 5.7.1 (policy reject of sender). The unifying meaning: 'we're not accepting mail FROM this address.'
Most receivers. The bare 553 is most common from older mail servers and self-hosted Postfix/Sendmail configurations. Modern hosted providers like Gmail and Microsoft typically use 550 with an enhanced code instead.
From address has syntax error (missing @, invalid characters, malformed local part); the From domain doesn't authenticate (SPF/DKIM fail and receiver treats sender as forged); the From domain is on the receiver's blocklist; the local part of the From address doesn't exist at the claimed domain (catch-all not enabled); or the receiver requires a verified sender and yours isn't.
How to Fix 553
- 1
Validate the From address syntax
Open a copy of the sent message and check the From header. It should be 'Display Name <local@domain.com>' with valid syntax. Common mistakes: spaces in the local part, missing @, multiple @ signs, or angle brackets nested incorrectly. Use a sending platform that constructs From headers programmatically rather than hand-typing.
- 2
Verify the From domain authenticates
Run the Email Deliverability Test at coldrelay.com/tools/email-deliverability-test against your sending domain. SPF, DKIM, and DMARC must all pass and align for the From-header domain. Auth failure makes the receiver treat From as forged — the 553 in that case is anti-spoofing enforcement.
- 3
Verify the From local part exists at the domain
If your sending platform claims From: alice@example.com but no mailbox 'alice' exists at example.com, some receivers treat that as forged and reject. Either configure a real alice mailbox or use a domain with catch-all addressing enabled. ColdRelay sets up the From mailbox as a real account during provisioning.
- 4
Check if your domain is on the receiver's blocklist
If the same From domain is being rejected across many recipients, the domain is likely on a public or recipient-specific blocklist. Check Spamhaus DBL (check.spamhaus.org) and run the Blacklist Checker at coldrelay.com/tools/blacklist-checker. Remediate the listing before continuing.
- 5
Test From a freshly-provisioned domain
If 553 is widespread and you suspect your domain has reputation damage, send a test from a new ColdRelay-provisioned domain (with no history) to the same recipient. If the new domain delivers, the old one has reputation damage and needs rest or replacement.
References
553 in the Cold Email Context
553 in cold email almost always traces to one of three causes: malformed From construction (hand-rolled SMTP that doesn't escape display names properly), the From mailbox doesn't actually exist at the domain (catch-all assumptions that break on strict receivers), or the From domain has reputation damage and the receiver is treating mail FROM it as suspect. ColdRelay's mailbox provisioning solves the second cause — every From address corresponds to a real mailbox on the sending domain, so receivers checking 'does this user actually exist' get a positive result. The dashboard's Mailboxes page shows the full From/To pairing per mailbox so you can verify From addresses match real mailboxes before sending.
Frequently Asked Questions
How is 553 different from 550?
Both are permanent rejections. 553 specifically targets the sender side ('mailbox name not allowed' — sender's address is unacceptable). 550 is more general ('requested action not taken' — could be sender, recipient, or content). Modern receivers tend to use 550 with enhanced codes for clarity; legacy and self-hosted servers use bare 553 more often.
Do I need a real mailbox to send From an address?
Technically no — SMTP doesn't require it. Practically yes — modern receivers do callback verification or treat phantom From addresses as suspect. Best practice for cold email: every From address is a real mailbox that can receive replies, set up via your sending platform's mailbox provisioning.
Can I send From a sub-domain?
Yes — subdomains are first-class email domains. Many cold email setups send from mail.yourdomain.com or send.yourdomain.com to isolate cold-email reputation from primary-domain reputation. The subdomain still needs its own SPF, DKIM, and DMARC published.
Why does From need to authenticate?
Post-DMARC (RFC 7489), the From-header domain is the identity receivers verify against. If the From domain doesn't have aligned authentication, receivers treat the message as potentially spoofed. The fix is publishing SPF, DKIM, and DMARC for the From domain — not changing what you put in From.