DISCLOSURE: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
If you’re scouring this article, it’s probable that you’ve been met with the “550 5.4 1 recipient address rejected access denied” error message while trying to send an email. This error indicates that your email has not been delivered, and a non-delivery report has been displayed instead.
Let’s dive into why this error has been displayed on your system rather than the email being delivered, and then look into what you can do to take care of this issue and prevent it from ever happening again.
Why Does The 550 5.4 1 Recipient Address Rejected Access Denied Error Occur?
The error is usually sent by your system’s Directory-Based Edge Blocking (DBEB) software. This software detects and rejects external emails whose addresses are not present within the Azure Active Directory.
Note: The Azure Active Directory is a Cloud-based management system that allows people to access external resources such as Microsoft 365.
Specifically, the “550 5.4 1 recipient address rejected access denied” error occurs when you try to send an email to a public folder mailbox as they are not synchronized with Azure Active Directory. This is because these emails require your email to be routed to external resources and sent back to the email server.
How to Resolve the “550 5.4 1 Recipient Address Rejected Access Denied” Error Message
To ensure that you are not faced with this error again, here are a few common fixes you can try depending on where your public folders are hosted:
On-premise Public Folders
If your Public Folders are hosted on your system, all you need to do to get rid of this error is to mail-enabled Public Folders that are considered valid by the DBEB. This will ensure that messages are delivered to them normally without any hassle. To make Public Folders valid for your DBEB, follow these steps:
- Open up the Microsoft Azure Active Directory Connect screen and click on the Optional Features option.
- Here, tick the box on the right of Exchange Mail Public Folders to ensure they are considered valid recipients.
Exchange Online Hosted Public Folders
If you have hosted your Mail Enabled Public Folders in Exchange Online, you will not be able to change the Directory-Based Edge Blocking settings as DBEB is not supported in Exchange Online. As such, there are two ways you can solve this issue: stop routing emails sent to Public folders to Exclaimer Cloud or Disable the DBEB.
How To Stop Routing Emails Sent To Public Folders To Exclaimer Cloud
The recommended approach to solving the “550 5.4 1 recipient address rejected access denied” error if you are hosted on Exchange Online is to change the route your emails take so that they are not routed to Exclaimer Cloud when sent to Public Folders. Here are the simple steps you can follow to do so:
- Log into Exchange Online and navigate your way to Mail flow.
- Here, click on rules and select the Identify Messages to send to the Exclaimer Cloud option.
- Click on Edits and scroll down to the Except if… section.
- Once there, select the Add Exception option and navigate your way to Recipient… Is this person.
- Once the Select Member’s dialog is shown, select all the public folder mailboxes in this section.
- To confirm these changes, select Add and then click Ok → Save to finalize your changes.
Bare in mind that these changes to the mail flow rule can take up to one hour to replicate in Microsoft 365.
How To Disable the Directory-Based Edge Blocking
If the previous solution has not worked for you, you can try completely disabling the DBEB from your system. While this is not a recommended approach, it can get the work done if you’re in a hurry. To disable DBEB on your system completely, follow these steps:
- Log into Exchange Online
- Navigate your way to Mail flow and select the Accepted domains option.
- Select the domain of the public folder and click on Edit.
- Once you find the This accepted domain is option, configure it to internal relay in order to disable the DBEB.
- Finally, click Save to finalize the changes you have made.
Drawbacks Of Disabling Directory-Based Edge Blocking
Bear in mind that by disabling DBEB, you open up your on-premises environment to a significant increase in traffic. This is because emails for recipients not existing in the Exchange Online will automatically be forwarded to your on-premises Exchange server instead of being rejected.
Furthermore, if the recipient does not exist in your system, the email will be sent back to Exchange Online, which will then be resent to your system. This will create an email loop which will be detected once the email has gone back and forth a couple of times. Once detected, the email will be terminated by the receiving server after it has circled a few times.
Final Thoughts
The “550 5.4 1 recipient address rejected access denied” is usually caused by the DBEB system blocking emails sent to Public Folders that are not present in the Azure Active Directory. While this is something that needs to be fixed by Microsoft, we hope that following our simple workarounds have gotten the job done for you!