Last updated: July 2026

In short: When Outlook.com or Microsoft 365 rejects your outbound mail with error 5.7.606, the sending IP address has been placed on an internal blocklist by Microsoft’s security filters. Additionally, starting May 2025, strict SPF, DKIM, and DMARC authentication rules apply to all domains sending over 5,000 messages daily.

Receiving a non-delivery report (NDR) from Microsoft’s inbound mail relays (mail.protection.outlook.com or Exchange Online) requires immediate troubleshooting. Microsoft evaluates inbound traffic based on global network reputation and local tenant settings. To combat spam and phishing, Outlook has significantly strengthened its sender authentication requirements: Starting May 5th, 2025, Outlook.com is enforcing stricter email authentication standards (SPF, DKIM, DMARC) for domains sending over 5,000 emails per day to enhance security and reduce spam.

If your outbound messages to Microsoft email accounts are bouncing, review the diagnostic explanations and step-by-step solutions below.


Error 5.7.606 — Banned Sending IP

Exact error string from Microsoft

Access denied, banned sending IP [IP1.IP2.IP3.IP4] The IP that you're trying to send from was banned.

Meaning and root cause

Your sending IP address (IP1.IP2.IP3.IP4) has been placed on an internal suppression list by Exchange Online Protection (EOP). The root cause is typically an elevated user complaint rate (spam reports by Outlook users), compromised server accounts sending outbound spam, or inheriting a data center IP address with a poor sending reputation.

Concrete fix steps

  1. Investigate server abuse: Check your mail server’s outbound queue for compromised web applications, unauthorized relaying, or forwarding loops.
  2. Register in SNDS and JMRP: Enroll your IP range in Microsoft’s free Smart Network Data Services (SNDS) and Junk Mail Reporting Program (JMRP) to monitor exact reputation metrics and spam trap hits.
  3. Submit a delisting request: Use the official Microsoft Office 365 Anti-Spam IP Delist Portal to request manual removal of your IP address once all underlying security issues are resolved.

Realistic timeline

Once you submit a delist application via the portal, automated systems review the request. If the IP shows no ongoing abuse, unblocking typically completes within 2 to 24 hours.


Rejection by Recipient Custom Block Lists

Exact guidance from Microsoft documentation

The domain that received the email message blocked your sender's IP address. If you believe that your IP address was added to the recipient domain's custom block list in error, contact the recipient directly and ask them to remove it.

Meaning and root cause

Unlike a global Microsoft IP ban (5.7.606), this rejection indicates that the IT administrator of the specific receiving organization has added your IP address or domain to a local custom blocklist (Tenant Allow/Block List) inside their Exchange Online or Microsoft Defender control panel.

Concrete fix steps

  1. Do not use the global delist portal: Because the block exists strictly within the recipient’s organizational tenant, Microsoft global support cannot override or remove the restriction.
  2. Contact the recipient directly: Reach out to the receiving organization or their IT department via alternative communication channels (such as phone or a different domain name) to explain the issue and request removal from their local blocklist.

Realistic timeline

Once the recipient administrator removes your IP or domain from their tenant blocklist, delivery acceptance resumes almost immediately, usually within 15 to 30 minutes after policy updates propagate across their tenant.


Verifying your configuration

To protect your domain against future delivery blocks at Outlook.com and Microsoft 365, audit your email authentication infrastructure to confirm your SPF, DKIM, and DMARC records are fully compliant. Check your setup instantly using the free MXAudit scanner.

Further reading