Our thinking


Office 365 – Single users unable to send email – Access Denied, bad outbound sender error.

This has popped up a couple of times recently and I can never remember where to go in Office 365 to fix it, so after spending some time on the phone to Microsoft (who, by the way, were very helpful), I’ll document this here to hopefully make my life easier in the future.

The symptoms of the problem is that when a particular user goes to send email via Office 365, and it doesn’t matter what email client they are using – Outlook, Outlook on the Web (OWA) or even Apple Mail, the results are the same.

The user immediately receives a Delivery Failed (NDR) bounce-back message saying:

Your message couldn’t be delivered because you weren’t recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it’s no longer allowed to send email. Contact your email admin for assistance.

Under the further Diagnostic information for administrators, it also says

Remote Server returned ‘550 5.1.8 Access denied, bad outbound sender AS(42003)’

What is happened is that somehow the user account has been blocked by Office 365 – in this case it was because Microsoft thought the account was forwarding email to a suspicious address.

To fix this, go to the Office 365 Security and Compliance centre and check for Restricted Users

https://protection.office.com/restrictedusers

Search for the user’s email address – and give it a good couple of minutes to display the results, in my experience this is always slooooow.

Once it’s displayed the user in question, you can click on the Unblock link on the right-hand side to remove the restrictions, and then wait an hour or so for the change to propagate through Office 365.

4 thoughts on “Office 365 – Single users unable to send email – Access Denied, bad outbound sender error.

  1. Also make sure your Outbound Policy is NOT set to ‘limit sending to the following day’. If that was set, they won’t appear in the Restricted Users list to be able unblock them. There is NO way to get around that and override it, despite this option being the default action. Just set it to ‘limit the user from sending’, then they will appear in the Restricted Users list to unblock.

    1. Yes, this is a good point. According to Microsoft there is no way for an admin to override the block.
      https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-worldwide
      Under “Action when a user exceeds the limits”, Microsoft state:
      Restrict the user from sending mail till the following day: This is the default value. Email notifications are sent, and the user will be unable to send any more messages until the following day, based on UTC time. There is no way for the admin to override this block.

      The user will be unable to send any more messages until the following day, based on UTC time. There is no way for the admin to override this block.

Leave a Reply to ewhizzCancel reply