SMTP 530 Authentication Required vs 535 Authentication Failed
SMTP 530 and 535 both relate to authentication, but at different stages. A 530 means the client has not attempted authentication yet and must do so before sending mail. A 535 means the client tried to authenticate but the credentials were wrong.
Description
The server requires authentication before accepting mail commands. You must issue the AUTH command with valid credentials before attempting to send mail.
When You See It
When trying to send mail through a server that requires authentication (typical for submission on port 587) without first logging in with the AUTH command.
How to Fix
Authenticate using the AUTH command with your username and password before sending MAIL FROM. Ensure your email client is configured with the correct SMTP credentials and authentication method.
Description
The authentication credentials provided are invalid. The username, password, or authentication mechanism was rejected by the server.
When You See It
After submitting incorrect credentials via the AUTH command. The username or password does not match any account on the server.
How to Fix
Double-check your username and password. If using an app password (e.g., Gmail, Outlook), ensure it is current and has not been revoked. Also verify the correct SASL mechanism (PLAIN, LOGIN, etc.).
Key Differences
530 means 'authenticate first' — no AUTH command was issued before trying to send mail.
535 means 'wrong credentials' — the AUTH command was issued but the username/password was rejected.
530 is returned in response to MAIL FROM or RCPT TO when authentication is required but not yet provided.
535 is returned in response to the AUTH command itself when credentials do not match.
530 can be resolved by issuing AUTH before MAIL FROM; 535 requires correct credentials.
When to Use Which
Return 530 when a client tries to send mail without authenticating first — this enforces SMTP AUTH policy. Return 535 when the AUTH command fails due to invalid credentials. Email clients seeing 530 should prompt for login; clients seeing 535 should prompt the user to re-enter their password.