Troubleshoot issues with high volume email (HVE) for Microsoft 365

Best Practices when sending email

If you encounter issues, consider the following suggested best practices for sending email:

  • Do you know your recipients? Manage them with a (static, flat) distribution list and use the service to send the message to one recipient: the distribution list.
  • Do you have many recipients, and do they change too frequently? Use Active Directory tags with a dynamic distribution list, and use the service to send the message to one recipient: the dynamic distribution list.
  • You can't rely on distribution lists? Send to flat-listed recipients in batches, using the maximum recipient limit (50).
  • Do you need to send to a single recipient? Maintain the SMTP session and send messages one by one.

Issue: I set up my printer or LOB app for HVE, but it still can't send email

  1. Check the settings that were entered directly into the printer:

    | Printer setting | Value |
    | --- | --- |
    | Server/smart host | smtp-hve.office365.com |
    | Port | Port 587 |
    | TLS/StartTLS | Enabled |
    | Username/email address and password | Sign in with credentials of HVE account |

  2. Your printer or application can send email from any email address that is associated with an HVE account.

  3. Check if username and password are correct.

  4. Validate that your HVE account and service are working correctly. You can use the SMTP component in the Power Automate platform: SMTP - Connectors.

Error: Authentication unsuccessful

If you receive one of the following errors, work through the steps after the list:

  • 535 5.7.3 Authentication unsuccessful
  • 535 5.7.139 Authentication unsuccessful, the organization configuration doesn't allow this authentication request.
  1. Disable the Azure Security Defaults by toggling the Enable Security Defaults to No:
    1. Sign in to the Azure portal as a Security administrator or Conditional Access administrator.
    2. Navigate to Microsoft Entra ID > Properties.
    3. Select Manage security defaults.
    4. Set the Enable security defaults toggle to No.
    5. Select Save.
  2. HVE accounts can operate even if SMTPClientAuthenticationDisabled is set to True within TransportConfig due to the use of a custom endpoint.
  3. To avoid any impact from authentication policies, if any are in use, ensure that AllowBasicAuthSmtp is enabled in the policy that applies to the HVE account. Custom authentication policies can be applied to HVE accounts as needed.

Fix issues of OAuth2 Authentication failure using high volume email to authenticate using Microsoft 365

With the support of OAuth authentication for high volume email, clients can now significantly enhance the security of their email operations. This article can help you troubleshoot authentication failures during the authentication stage.

As a first step to fixing any problems, check your configuration. See OAuth authentication for high volume emails for Microsoft 365 for the configuration options.

I received an authentication error when trying to authenticate with OAuth2

This error can be caused by different factors:

  • Expired Tokens: The token used for authentication or authorization may have expired.
  • Invalid Token: The format of the token doesn't match the OAuth2 format.
  • Incorrect API permissions: The scopes or permissions requested by the client application don't align with the permissions configured or allowed on the authorization server, and this permission type mismatch causes the OAuth2 failure.

OAuth SMTP Error Codes and Resolutions

This section explains common OAuth SMTP error codes and offers guidance on how to resolve them. If you encounter any of the following error codes, follow the recommended steps to address the issue.

| Error Code | Description | Resolution |
| --- | --- | --- |
| 501 5.5.121 | Invalid XOAUTH2 argument. | Ensure that the authentication data after XOAUTH2 is encoded correctly in base64 format. |
| 501 5.5.122 | Invalid XOAUTH2 auth data. For example, the following format for auth data is incorrect: auth=Bearer^Auser=<EmailAddress> <OauthToken>^A^A | Ensure that the auth data encoded into base64 follows the format (angled brackets are used as placeholders): user=<EmailAddress>^Aauth=Bearer <OauthToken>^A^A |
| 501 5.5.123 | Invalid XOAUTH2 auth data - No user address provided. For example, the user email address is absent: user=^Aauth=Bearer <OauthToken>^A^A | Ensure that the auth data encoded into base64 follows the format (angled brackets are used as placeholders): user=<EmailAddress>^Aauth=Bearer <OauthToken>^A^A |
| 501 5.5.124 | Invalid XOAUTH2 auth data - User address provided isn't valid. For example, the user email address is invalid: user=<InvalidEmailAddress>^Aauth=Bearer <OauthToken>^A^A | Ensure that the auth data encoded into base64 follows the format (angled brackets are used as placeholders): user=<EmailAddress>^Aauth=Bearer <OauthToken>^A^A |
| 501 5.5.125 | Invalid XOAUTH2 auth data - Auth type data absent. For example, the Bearer keyword is absent from the auth data: user=<EmailAddress>^Aauth= <OauthToken>^A^A | Ensure that the auth data encoded into base64 follows the format (angled brackets are used as placeholders): user=<EmailAddress>^Aauth=Bearer <OauthToken>^A^A |
| 501 5.5.126 | Invalid XOAUTH2 auth data - Auth token absent. For example, the OauthToken string is absent from the auth data: user=<EmailAddress>^Aauth=Bearer ^A^A | Ensure that the auth data encoded into base64 follows the format (angled brackets are used as placeholders): user=<EmailAddress>^Aauth=Bearer <OauthToken>^A^A |
| 501 5.5.127 | Invalid XOAUTH2 auth data - Token will expire soon. | Ensure that the session time doesn't exceed the token expiry time. Obtain a new OAuth token if possible. |
| 501 5.5.128 | Token has expired in AAD in the XOAUTH2 auth data. | Check whether the token is still valid, and regenerate the user token to ensure that it is. |
| 501 5.5.129 | Invalid token with the wrong permission set on the App. | Follow the document OAuth authentication for high volume emails for Microsoft 365 to check the configured permissions under the API Permission section. |
| 535 5.7.127 | Authentication unsuccessful. | This is a generic authentication failure scenario. Refer to the document OAuth authentication for high volume emails for Microsoft 365 for the recommended setup. |
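
The format errors 501 5.5.121 through 5.5.126 can be caught on the client before the argument is ever sent. The following Python sketch is an added example, not Microsoft's code: it builds the XOAUTH2 argument and checks a candidate against the table, treating ^A as the single byte 0x01. The order of the checks, the simple address pattern, and the sample address and token are assumptions made for illustration; the server's own validation may differ.

```python
import base64
import re

SEP = "\x01"  # the ^A (Ctrl-A) separator from the table, as a real byte

def encode(raw: str) -> str:
    return base64.b64encode(raw.encode("ascii")).decode("ascii")

def build_xoauth2(user: str, token: str) -> str:
    """Base64 argument for AUTH XOAUTH2: user= first, then auth=Bearer."""
    return encode(f"user={user}{SEP}auth=Bearer {token}{SEP}{SEP}")

def check_xoauth2(b64_arg: str) -> str:
    """Return the table's error code a malformed argument maps to, or "ok".
    Local pre-flight approximation only (assumed check order)."""
    try:
        raw = base64.b64decode(b64_arg, validate=True).decode("ascii")
    except ValueError:  # bad base64 alphabet/padding or non-ASCII payload
        return "501 5.5.121"
    if not raw.endswith(SEP + SEP):
        return "501 5.5.122"
    fields = raw[:-2].split(SEP)
    if (len(fields) != 2 or not fields[0].startswith("user=")
            or not fields[1].startswith("auth=")):
        return "501 5.5.122"  # fields missing or in the wrong order
    user = fields[0][len("user="):]
    scheme, _, token = fields[1][len("auth="):].partition(" ")
    if not user:
        return "501 5.5.123"
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", user):
        return "501 5.5.124"  # simplified address check (assumption)
    if scheme != "Bearer":
        return "501 5.5.125"
    if not token.strip():
        return "501 5.5.126"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values; never print or log a real token.
    arg = build_xoauth2("hve01@contoso.example", "CONSTRUCTED.TOKEN.VALUE")
    print(check_xoauth2(arg))
    print(check_xoauth2(encode(f"auth=Bearer{SEP}user=hve01@contoso.example tok{SEP}{SEP}")))
```

Expiry and permission problems (501 5.5.127 through 5.5.129) depend on the token's contents and the app registration, so a format check like this one cannot detect them.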