Quick answer
An Outlook 5.7.511 bounce means Microsoft blocked the message because the IP address you sent from is on Microsoft's blocked-senders list. The full text is Access denied, banned sender, and per Microsoft it specifically means the sending IP was banned. This is a reputation block on the IP, not an authentication or content problem, so SPF, DKIM, and DMARC can all pass while the message is still refused. The fix is to identify the real sending IP, resolve whatever caused the listing, and request delisting through Microsoft's delist portal at delist@microsoft.com with the full NDR code and IP address.
What the 5.7.511 code means
Microsoft's NDR table defines 550 5.7.511 Access denied, banned sender as "The IP that you're trying to send from was banned." The ban is applied to the connecting IP address, which is the machine that actually opened the SMTP connection to Microsoft, not necessarily the domain in your visible From address.
It helps to place 5.7.511 inside Microsoft's small family of "banned sender" codes, because they have different scopes and different fixes:
- 5.7.511 — the sending IP was banned. Fix the IP's reputation and use the delist portal.
- 5.7.501 / 5.7.502 / 5.7.503 — the sending account was banned for detected spam activity. Reset the account credentials and contact Microsoft Support.
- 5.7.800 — the EHLO, P1, or P2 sender domain was banned for detected spam activity. Contact Microsoft Support to restore the domain.
A 5.7.511 is the IP-scoped member of that group. Knowing the scope tells you where to look: an IP ban points at the outbound mail server or the shared IP pool your provider routes you through, not at a single mailbox or your domain's DNS.
Why Outlook returns 5.7.511
Microsoft blocks a sending IP when its filters associate that IP with spam or abuse signals. The IP does not have to be yours exclusively. The common causes are:
- A shared IP pool with a bad neighbor. If you send through an email platform or a hosting provider that puts many customers on the same outbound IPs, one abusive sender can get the whole IP listed, and your legitimate mail inherits the block.
- A compromised account or device on your network sending spam through the same IP, which earns the IP a listing even though your normal mail is clean.
- A sudden volume spike or a campaign that drew complaints, pushing the IP's reputation below Microsoft's threshold.
- A new or cold IP with no sending history that tripped a protective block after a burst of mail.
Because the decision is reputation-driven and made on Microsoft's side, sender-side configuration changes alone rarely clear it. You have to remove the cause and then ask Microsoft to re-evaluate the IP.
How to diagnose a 5.7.511
Start by finding the IP Microsoft actually banned. The NDR usually contains it, and the diagnostic line names the banned IP explicitly. If you only have the bounce, read the full message source: the Received: headers and the NDR diagnostic text carry the connecting IP. Do not assume it is your domain's MX or your office IP; when you send through a platform, the banned IP is usually one the platform owns.
Once you have the IP, check its public reputation. The IP being banned by Microsoft often coincides with listings on public blocklists, and a public check tells you whether this is an isolated Microsoft action or a broader reputation problem. The Relaymetry blacklist checker queries the major DNSBLs for an IP so you can see whether the listing is widespread or specific to Microsoft.
Then confirm the rest of your authentication is clean. A 5.7.511 is not an authentication failure, but Microsoft weighs authentication when it decides whether to delist, and a clean SPF, DKIM, and DMARC posture strengthens a delisting request. Resolve any authentication gaps before you submit, so the request shows a fully remediated sender.
One thing a public check cannot tell you is Microsoft's internal reputation score for the IP. That model is private. The public blocklist status and your authentication posture are the groundwork for a delisting request; they are not the listing itself.
How to fix a 5.7.511
The fix is remove-the-cause first, then request delisting. Submitting a delisting request before the underlying problem is fixed tends to fail, because Microsoft re-evaluates the IP and finds the same signals.
- Identify the real sending IP from the NDR diagnostic line and the message
Received:headers. - Find and stop the cause. If the IP is shared, contact your email platform or host: the listing may be theirs to resolve, and they may move you to a clean IP. If the IP is yours, look for a compromised mailbox, an open relay, or a device sending spam, and shut it down.
- Check the IP against public blocklists so you can clear any separate DNSBL listings through each blocklist's own process; a clean public reputation supports the Microsoft request.
- Align SPF, DKIM, and DMARC for your visible From domain so the sender presents as fully authenticated.
- Submit a delisting request to Microsoft. Email
delist@microsoft.comwith the full NDR code (550 5.7.511) and the banned IP address, or use Microsoft's delist portal for the blocked-senders list. Provide the IP and a brief description of the remediation. - Do not retry the blocked campaign against the ban while you wait. Retries do not clear a reputation block and add noise; send a small test only after the IP is delisted.
- For a known partner recipient, ask their administrators to add a tenant allow entry for your sending IP or domain as a faster interim path while the delisting is processed.
What this does not prove
A public DNS and blacklist check confirms whether your IP is listed on public blocklists and whether your SPF, DKIM, and DMARC records are in order. It cannot read Microsoft's internal reputation model, confirm that a specific past message was blocked for this exact reason, or guarantee that a delisting request will be accepted. Microsoft's delisting decision is made on its side after it re-evaluates the IP.
Relaymetry checks the public signals that a delisting request rests on. It does not have access to Microsoft's internal threat classification, your sending platform's configuration, or the exact filtering decision applied to a given message.