{"id":3760,"date":"2024-01-15T16:33:04","date_gmt":"2024-01-15T16:33:04","guid":{"rendered":"https:\/\/www.warmy.io\/blog\/understanding-and-fixing-the-smtp-535-error-incorrect-authentication-data\/"},"modified":"2026-03-31T07:25:44","modified_gmt":"2026-03-31T07:25:44","slug":"understanding-and-fixing-the-smtp-535-error-incorrect-authentication-data","status":"publish","type":"post","link":"https:\/\/www.warmy.io\/blog\/understanding-and-fixing-the-smtp-535-error-incorrect-authentication-data\/","title":{"rendered":"SMTP Error 535: How to Fix It [SOLVED]"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is SMTP error 535?<\/h2>\n\n\n\n<p>SMTP Error 535 &#8220;Incorrect Authentication Data&#8221; is an <a href=\"https:\/\/www.warmy.io\/blog\/smtp-error-codes-and-messages\/\" target=\"_blank\" rel=\"noopener noreferrer\">SMTP error code<\/a> that senders receive when an email client attempts to authenticate but the credentials it provides don&#8217;t check out. The server isn&#8217;t just being picky. It&#8217;s doing<em> exactly <\/em>what it&#8217;s supposed to do, which is rejecting unauthorized access.<\/p>\n\n\n\n<p>You&#8217;ll receive an error code that looks like any of the following variations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>535 5.7.8 Username and Password not accepted\u00a0<\/li>\n\n\n\n<li>535 Incorrect authentication data\u00a0<\/li>\n\n\n\n<li>535 5.7.3 Authentication unsuccessful<\/li>\n<\/ul>\n\n\n\n<p><strong>Think of it like this:<\/strong> SMTP is the postal infrastructure of the internet. When you send an email, your client hands a message to a mail server, which routes it to the recipient. But before that server accepts any mail from you, it needs to know you&#8217;re authorized. 
When authentication breaks down, you get a 535 error.<\/p>\n\n\n\n<p>This error appears most often after a password change, a server migration, a security policy update, or when setting up a new email client for the first time.<\/p>\n\n\n\n<p><strong>Pro tip:<\/strong> Many email providers (especially Google and Microsoft) no longer accept plain username\/password login over SMTP if two-factor authentication is enabled. You&#8217;ll need an app-specific password generated from your account security settings, not your regular login password.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What causes SMTP error 535?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Incorrect login credentials<\/h3>\n\n\n\n<p>The most frequent culprit. You or your email client is sending the wrong username, the wrong password, or both. This happens after password resets that aren&#8217;t propagated to all connected clients, or sometimes, it can be due to a simple typo.<\/p>\n\n\n\n<p><strong>What to check:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is the password current across all devices?<\/li>\n\n\n\n<li>Does your server require the full email address (user@domain.com) or just the local part (user)?<\/li>\n\n\n\n<li>Are you using a regular password where an app-specific one is required?<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. SMTP server misconfiguration<\/h3>\n\n\n\n<p>Sometimes the problem isn&#8217;t the password. It&#8217;s that the client is trying to authenticate against the wrong server or wrong port. A mismatch between your client&#8217;s security settings (SSL vs. TLS, port 465 vs. 587) and what the server actually requires will trigger a 535.<\/p>\n\n\n\n<p><strong>What to check:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP server address (e.g., smtp.gmail.com, smtp.office365.com)<\/li>\n\n\n\n<li>Port number (587 for STARTTLS, 465 for SSL)<\/li>\n\n\n\n<li>Encryption type (TLS vs. 
SSL)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. Firewall or security policy blocking authentication<\/h3>\n\n\n\n<p>Overly aggressive firewalls, security software, or corporate network policies can intercept SMTP traffic and silently block authentication. From the server&#8217;s perspective, it never received valid credentials, resulting in a 535 error.<\/p>\n\n\n\n<p><strong>What to check:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is outbound traffic on port 587 or 465 allowed?<\/li>\n\n\n\n<li>Is an email security gateway or proxy sitting in between?<\/li>\n\n\n\n<li>Has a recent security policy change affected SMTP access?<\/li>\n<\/ul>\n\n\n\n<p><strong>Not sure if your authentication issues are affecting your deliverability scores?<\/strong><a href=\"https:\/\/www.warmy.io\/free-tools\/email-deliverability-test\" target=\"_blank\" rel=\"noopener noreferrer\"><strong> Run a Free Email Deliverability Test on Warmy<\/strong><\/a><strong> to see exactly where your sending reputation stands.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SMTP error 535 variants explained<\/h2>\n\n\n\n<p>Not all 535 errors are identical. 
The sub-codes after the primary error tell you more specifically what went wrong.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Error Code<\/strong><\/th><th><strong>Name<\/strong><\/th><th><strong>What It Means<\/strong><\/th><\/tr><\/thead><tbody><tr><td><a href=\"https:\/\/www.warmy.io\/blog\/smtp-error-535-5-7-0\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>535 5.7.0<\/strong><\/a><\/td><td>General Authentication Error<\/td><td>Broad failure; check all credentials and recent policy changes first<\/td><\/tr><tr><td><a href=\"https:\/\/www.warmy.io\/blog\/how-to-fix-smtp-email-error-535-5-7-3-solved\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>535 5.7.3<\/strong><\/a><\/td><td>Authentication Procedure Failed<\/td><td>The authentication mechanism itself failed, not just the credentials<\/td><\/tr><tr><td><a href=\"https:\/\/www.warmy.io\/blog\/google-error-535-5-7-8-username-and-password-not-accepted\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>535 5.7.8<\/strong><\/a><\/td><td>Invalid Authentication Credentials<\/td><td>Credentials were received but rejected as incorrect or expired<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n<div class=\"howto-block entry-content\">\n<h2 class=\"wp-block-heading\">How to fix SMTP Error 535: Step-by-step<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Verify and reset your credentials<\/h3>\n\n\n\n<p>Start here as it resolves the majority of cases.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log into your email account via the web interface to confirm the password works<\/li>\n\n\n\n<li>If it doesn&#8217;t, reset it through the provider&#8217;s account settings<\/li>\n\n\n\n<li>Update the new password in every email client and device using the account<\/li>\n\n\n\n<li>If MFA is enabled (Google, Microsoft, Yahoo), generate an app-specific password and use that instead of your main password<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Check your SMTP settings<\/h3>\n\n\n\n<p>In your email client, confirm all of the following match your provider&#8217;s documented settings:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SMTP Server Address<\/strong>: e.g., smtp.gmail.com or smtp-mail.outlook.com<\/li>\n\n\n\n<li><strong>Port<\/strong>: 587 (STARTTLS) or 465 (SSL\/TLS)<\/li>\n\n\n\n<li><strong>Encryption<\/strong>: matches the port (don&#8217;t mix SSL settings with STARTTLS ports)<\/li>\n\n\n\n<li><strong>Authentication Method<\/strong>: should be &#8220;Normal Password,&#8221; &#8220;OAuth2,&#8221; or as specified<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Review firewall and security settings<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check that outbound connections on your SMTP port (587 or 465) are not blocked<\/li>\n\n\n\n<li>Temporarily disable security software to test if it&#8217;s the source of the blockage<\/li>\n\n\n\n<li>If confirmed, whitelist the SMTP server address in your firewall rules<\/li>\n\n\n\n<li>If on a corporate network, contact your IT team to check email proxy settings<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Enable provider-specific authentication settings<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">For Google \/ Gmail users<\/h4>\n\n\n\n<p>Google requires OAuth2 or app-specific passwords for SMTP access when 2-Step Verification is enabled.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to your Google Account \u2192 Security \u2192 App Passwords<\/li>\n\n\n\n<li>Generate a new app password for &#8220;Mail&#8221;<\/li>\n\n\n\n<li>Use that 16-character password in your email client instead of your regular Google password<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">For Microsoft 365 \/ Outlook users<\/h4>\n\n\n\n<p>Microsoft has tightened SMTP AUTH requirements. 
Confirm that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP AUTH is enabled for the specific mailbox (it can be disabled at the admin level)<\/li>\n\n\n\n<li>You&#8217;re using smtp-mail.outlook.com with port 587 and STARTTLS<\/li>\n\n\n\n<li>Modern Authentication \/ OAuth is configured if required by your organization<\/li>\n<\/ul>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">Can you prevent SMTP error 535? Here\u2019s how:<\/h2>\n\n\n\n<p>Fixing a 535 once is easy, but preventing it from happening again is better. If you continue to experience 535 errors, it means your bounce rate is increasing. This sends negative signals to mailbox providers, which can then cause serious damage to your <a href=\"https:\/\/www.warmy.io\/blog\/email-sender-reputation-score\/\" target=\"_blank\" rel=\"noopener noreferrer\">sender reputation<\/a>.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rotate credentials on a schedule<\/strong>. Update passwords periodically and immediately push changes to all connected clients<\/li>\n\n\n\n<li><strong>Use OAuth2 where available<\/strong>. Token-based authentication is more secure and less prone to breakage than password-based SMTP auth<\/li>\n\n\n\n<li><strong>Monitor server logs proactively<\/strong>. Set alerts for repeated 535 errors, which can indicate a brute-force attempt or a broken integration<\/li>\n\n\n\n<li><strong>Document your SMTP configurations<\/strong>. Especially in team environments, a central record of what settings each client uses saves hours when something breaks<\/li>\n\n\n\n<li><strong>Use email warmup and monitoring tools continuously<\/strong>. 
Platforms like Warmy.io continuously monitor your sending health, so authentication issues don&#8217;t silently tank your deliverability.<\/li>\n<\/ul>\n\n\n\n<p><strong>Warmy is an AI-driven email warmup platform that monitors your sending reputation, flags authentication issues early, and helps you maintain consistent inbox placement.<\/strong> <a href=\"https:\/\/warmy.io\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Start your free trial<\/strong><\/a><strong>.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When should you call in an expert?<\/h2>\n\n\n\n<p>If you&#8217;ve worked through every step above and the 535 error persists, the problem is likely one of the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A server-side misconfiguration requiring admin-level access<\/li>\n\n\n\n<li>A deprecated authentication protocol being used by older software<\/li>\n\n\n\n<li>A complex multi-tenant environment with conflicting security policies<\/li>\n\n\n\n<li>A third-party integration (CRM, marketing tool) with hardcoded credentials<\/li>\n<\/ul>\n\n\n\n<p>At this point, an <a href=\"https:\/\/www.warmy.io\/blog\/why-your-business-needs-an-email-deliverability-consultant\/\" target=\"_blank\" rel=\"noopener noreferrer\">email deliverability specialist<\/a> can conduct a full diagnostic to identify what&#8217;s causing persistent failures. The right specialist doesn&#8217;t just fix the immediate error. They identify the underlying systemic issues that will keep causing problems until addressed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Don\u2019t let SMTP errors damage your email deliverability<\/h2>\n\n\n\n<p>SMTP errors like 535 are not just technical inconveniences. They are early warning signals that something in your sending infrastructure is broken. 
If you keep ignoring error 535 and other SMTP errors, they can escalate into larger deliverability issues which can result in missed opportunities, failed campaigns, and ultimately lost revenue.<\/p>\n\n\n\n<p>Every failed authentication attempt increases friction between your domain and mailbox providers. Over time, this can translate into:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Higher bounce rates<\/li>\n\n\n\n<li>Lower sender trust<\/li>\n\n\n\n<li>Reduced inbox placement<\/li>\n\n\n\n<li>Interrupted communication with prospects and customers<\/li>\n<\/ul>\n\n\n\n<p>The key is not just fixing the error once, but actually building a system that prevents these issues from recurring.<\/p>\n\n\n\n<p>Warmy goes beyond simple fixes by giving you continuous visibility and control over your email health. Instead of reacting to problems when they show up, you can proactively monitor and optimize your deliverability.<\/p>\n\n\n\n<p>With Warmy, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitor your sender reputation in real time and detect anomalies before they impact your campaigns<\/li>\n\n\n\n<li>Identify authentication issues early, including SPF, DKIM, and DMARC misconfigurations<\/li>\n\n\n\n<li>Run deliverability tests to see exactly where your emails land across providers<\/li>\n\n\n\n<li>Gradually warm up your domain with AI-driven email warmup that simulates real human engagement<\/li>\n\n\n\n<li>Reduce risk of future SMTP errors by maintaining consistent sending behavior and infrastructure stability<\/li>\n<\/ul>\n\n\n\n<p>SMTP errors don\u2019t happen randomly. They are often part of a larger pattern of misconfiguration, poor monitoring, or inconsistent sending practices. 
So instead of troubleshooting under pressure, you can build a reliable sending foundation.<\/p>\n\n\n\n<p><a href=\"https:\/\/app.warmy.io\/signup\" target=\"_blank\" rel=\"noopener noreferrer\">Start your free trial with Warmy.io<\/a> and take control of your deliverability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Struggling with SMTP Error 535 and not sure how to resolve it? Learn why it occurs, how to fix it, and how Warmy helps prevent it.<\/p>\n","protected":false},"author":2,"featured_media":5371,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[104],"tags":[],"class_list":["post-3760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-deliverability"],"acf":[],"lang":"en","translations":{"en":3760},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/comments?post=3760"}],"version-history":[{"count":5,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3760\/revisions"}],"predecessor-version":[{"id":5373,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3760\/revisions\/5373"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/media\/5371"}],"wp:attachment":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/media?parent=3760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/categories?post=3760"},{"taxonomy":"post_tag","embeddable":true,
"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/tags?post=3760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}