RFC 5248: SMTP Enhanced Status Codes Registry
ELI5: RFC 3463 defined the original set of enhanced status codes like
5.1.1 (user unknown). But email keeps evolving — DMARC, TLS, new security policies — and each needs new status codes. RFC 5248 creates the official IANA registry where all these codes are tracked, and defines the rules for adding new ones so the system stays organized and consistent.
Why This Exists
Enhanced status codes (RFC 3463) use a three-part class.subject.detail format to precisely describe why a message was accepted, rejected, or delayed. The original RFC defined a fixed set of codes, but new email technologies kept needing new codes:
- DMARC failures needed
5.7.25and5.7.26 - Null MX (RFC 7505) needed
5.1.10 - TLS requirements needed codes in the
X.7.Xsecurity range - Authentication extensions needed
X.7.20throughX.7.27
Without a formal registry, new codes were assigned ad hoc and risked collisions. RFC 5248 establishes the IANA "Simple Mail Transfer Protocol (SMTP) Enhanced Status Codes" registry, with clear rules for registration and a requirement that every new code has a defined meaning.
How It Works
The registry organizes codes by their three components. New codes are added through the IETF standards process, and each entry documents:
Registry Entry Format
| Field | Description |
|---|---|
| Code | The X.Y.Z enhanced status code |
| Sample Text | A human-readable description of the condition |
| Associated Basic Status Code | The SMTP reply codes this enhanced code may appear with |
| Description | Detailed explanation of when to use this code |
| Reference | The RFC or document that defined this code |
| Submitter | Who requested the registration |
| Change Controller | Who can update this entry (usually IESG) |
SMTP Response with Registry-Defined Code
MAIL FROM:<sender@example.com> 250 2.1.0 Originator address accepted RCPT TO:<user@example.org> 550 5.7.26 This message does not pass DMARC evaluation ^^^^^ Registered in IANA registry, defined by RFC 7372 RCPT TO:<nobody@null-mx.example> 556 5.1.10 Recipient address has null MX ^^^^^^ Registered in IANA registry, defined by RFC 7505
Key Technical Details
Enumerated Status Codes (Class + Subject)
RFC 5248 defines "enumerated status codes" that combine class and subject values. The class remains 2, 4, or 5, and the subject values are:
| Subject | Category | Example Codes |
|---|---|---|
X.0.X |
Other / Undefined |
X.0.0 — other undefined status |
X.1.X |
Addressing |
5.1.1 bad mailbox, 5.1.2 bad domain, 5.1.10 null MX |
X.2.X |
Mailbox |
4.2.2 mailbox full, 5.2.1 mailbox disabled |
X.3.X |
Mail System |
5.3.4 message too big |
X.4.X |
Network / Routing |
4.4.1 no answer from host, 4.4.2 bad connection |
X.5.X |
Mail Delivery Protocol |
5.5.1 invalid command, 5.5.2 syntax error |
X.6.X |
Message Content |
5.6.1 media not supported |
X.7.X |
Security / Policy |
5.7.1 delivery refused, 5.7.26 DMARC fail |
Codes Added Since RFC 3463
| Code | Meaning | Defined By |
|---|---|---|
5.7.20 |
No passing DKIM signature found | RFC 7372 |
5.7.21 |
No acceptable DKIM signature found | RFC 7372 |
5.7.22 |
No valid author-matched DKIM signature | RFC 7372 |
5.7.23 |
SPF validation failed | RFC 7372 |
5.7.24 |
SPF validation error | RFC 7372 |
5.7.25 |
Reverse DNS validation failed | RFC 7372 |
5.7.26 |
Multiple authentication checks failed (DMARC) | RFC 7372 |
5.7.27 |
Sender address has null MX | RFC 7505 |
5.1.10 |
Recipient address has null MX | RFC 7505 |
Registration Policy
New codes require "Specification Required" per IANA policy. This means a published specification (typically an RFC) must define the code's semantics. The designated expert reviewer ensures there are no conflicts with existing codes and that the new code fits within the correct subject category.
Common Mistakes
- Hardcoding a fixed set of status codes. The registry is extensible. New codes are added regularly. Build your bounce processor to handle unknown codes gracefully by falling back to the class (2/4/5) and subject category.
- Inventing non-registered codes. Some mail servers return custom enhanced status codes not in the registry. While technically valid as private-use, this harms interoperability. Use registered codes whenever possible.
-
Ignoring the class digit when handling new codes. If you encounter
5.7.28(a hypothetical future code), you may not know its specific meaning, but you know it is a permanent security/policy failure. The class and subject are always meaningful. -
Not distinguishing between class 4 and class 5.
4.2.2(mailbox full, temporary) and5.2.1(mailbox disabled, permanent) share the same subject but require completely different handling. Always check the class first. - Assuming all servers use enhanced codes. The ENHANCEDSTATUSCODES SMTP extension is widely but not universally deployed. Your bounce parser must handle responses that only contain the basic three-digit code.
Deliverability Impact
-
Precise bounce classification. The registry gives you a standardized vocabulary for why messages fail.
5.7.26means DMARC failure — fix your authentication.5.1.1means invalid address — remove it from your list. Without consulting the registry, you are guessing. -
Authentication failure diagnosis. The
5.7.20–5.7.26range of codes added by RFC 7372 lets you pinpoint exactly which authentication mechanism failed: DKIM, SPF, reverse DNS, or DMARC alignment. -
Future-proof bounce handling. By parsing the class and subject from any code, even unrecognized ones, your system degrades gracefully as new codes are registered. A
5.7.Xcode you have never seen is still a permanent security rejection. - Correlating with DSN reports. Enhanced status codes appear in both SMTP responses and DSN reports (RFC 3464). The registry ensures the same code means the same thing in both contexts, enabling consistent bounce processing.