There are three main things to look for when faced with a NDR (Non-Deliverable-Report): the sending server, the server that encountered the problem or what the problem was.

The sending server

or "Reporting-MTA"

It's often presumed that the server where the bounce originates from is the server that had the issue. Although this is possible if it's a local error, most often it is the NEXT server in the route that caused the problem.

You can find out what server is sending the message by looking in a few common places:

  • The "From" header - Often the "From" header in a NDR is "", this shows that "" is the sending server.
  • The "Generating server" - If the body says "Generating server:", this is the server sending the bounce.
  • The "Reporting-MTA" - The "Reporting-MTA" may be listed in the bounce. If so, this is the sending server.

The server that encountered the problem

or "Remote-MTA"

Since the sending server is often not the server that encountered the error, it's important to know where to find the logs of why the message was not delivered. Generally (when faced with a SMTP 5.x.x error) this is on the receiving server.

A few common places to find this server are:

  • The "Remote-MTA:" field in the bounce
  • The "Remote Server:" field in the bounce
  • Where it says "While talking to:" in the bounce

What the problem was

Usually the bounce contains more information than the Reporting-MTA's logs, but less than the Remote-MTA's logs. Nonetheless, it's usually enough to determine where to look next.

  • If the bounce says "while talking to:" it will say after that " said:"
  • The bounce may say in the body "Reason:", "Error:" or "SMTP 5.x.x [...diagnostic text...]"
  • The bounce may have text that is configurable by the Remote-MTA such as links explaining the error or general diagnostics. For instance "Rejected due to abuse. See for more information"

Sometimes the error is a local error. In this event there is no Remote-MTA and the error that is defined in the bounce is from the Reporting-MTA. This should be indicated by a reference to "localhost", "YourDomain.local" or a private IP, coupled with the absence of a Remote-MTA or it's equivalents.

There's often other information included in bounces including the headers of the message (please read our FAQ "How do I see the route of an email in the headers?" for more information) and the server that sent the original message (or the "Received-From-MTA"), but that information is beyond the scope of this FAQ. The goal of this FAQ is user-friendliness, but for in depth information you can read RFC 2821 section 3.7 "Relaying" for information on how email is relayed, and RFC 3464 for information about Delivery Status Notifications (DSNs).

Other Resources