Home / Glossary / Bounce Rate
Compliance & technical · the fastest reputation killer · deep dive

Bounce rate. A 4% hard bounce rate kills your sending domain in about two weeks.

Bounce rate is the percentage of sent emails that fail to deliver — and the single fastest way to destroy your sending-domain reputation. Most outbound teams treat bounces as a hygiene afterthought; ISPs treat them as the primary signal that you are sending to a list you didn't verify, which is the primary signal that you are spamming. This essay walks the full taxonomy (hard, soft, block, deferral), the SMTP reply-code reference every ops person should know, the day-by-day timeline of what happens to a domain that sustains 4% hard bounces, and the three-layer pre-send verification stack that prevents 95% of bounces before they ever happen.

Category: Compliance & deliverability · Read time: 11 min · Updated: 2026-05-24 · BOUNCE-1.0
TL;DR
Bounce rate is the percentage of sent emails that don't reach the recipient's mail server. Hard bounces (permanent failures — invalid address, dead domain) are the dangerous ones; soft bounces (temporary — full mailbox, server down) are usually harmless. Industry-acceptable thresholds: hard bounce <2%, total bounce <5%. Cross those, and ISPs throttle or block your sending domain within 1-3 weeks. The fix is almost never on the sending side — it's upstream at list hygiene. Bounces come from unverified data: cold lists you bought, scraped emails that were never valid, employees who left the company 18 months ago. A pre-send verification stack (syntax check → MX lookup → SMTP ping) catches 95% of bounces before they happen and costs roughly $4 per 1,000 verifications. Compared to the cost of burning a sending domain (weeks of recovery + lost pipeline), verification is the highest-ROI investment in any outbound stack. The teams that ignore this discover the math when their primary sending domain is suddenly delivering 30% to spam and nobody knows why.

01What bounce rate is

A bounce is an email that fails to deliver. The recipient's mail server rejects it for some reason and returns a non-delivery notification (an NDR, or bounceback) to the sender. Bounce rate is just the percentage: bounces divided by total sends.

The reason bounce rate matters so much isn't the bounces themselves — those are just unsent emails. It's what bounces signal to ISPs about the sender. A high bounce rate is, in ISP machine-learning terms, the single strongest indicator that the sender did not verify their list before sending. And unverified lists are, statistically, the lists used by spammers, scrapers, and low-effort cold prospectors. The ISP doesn't need to read your message content to flag you — your bounce rate alone is enough.

This is why bounce rate has outsized impact relative to its volume. A 5% bounce rate is only 50 bad emails per 1,000 sent — small in absolute terms, catastrophic in reputation terms. ISPs treat the bounce signal as nearly diagnostic: a healthy outbound program sending to verified lists has bounce rates under 2% essentially by construction; a 5%+ bounce rate almost always means the sender skipped verification.

The reframe
Bounces are a list-quality problem, not a sending problem. The single most common mistake teams make when their bounce rate spikes is to look for the fix on the sending side — try different copy, slow down the cadence, rotate domains. None of these address the cause. The bounce rate spike is almost always because they added a low-quality data source upstream (a list buy, a scraped batch, a re-import of an old CSV). Fix the source; the bounce rate fixes itself.

02The four kinds of bounce

"Bounce" is an umbrella term covering four distinct failure modes. ISP reputation systems treat each one very differently. Knowing the difference is essential to interpreting your bounce report:

Type 1 · Dangerous
Hard bounce
Permanent delivery failure. The email address doesn't exist, the domain doesn't exist, or the mailbox has been permanently disabled. The receiving server will refuse this address forever.
5.1.1 — User unknown
5.1.2 — Domain not found
550 — Mailbox unavailable
Action: Suppress the address immediately. Never re-send. Investigate the data source — repeated hard bounces from one source = bad source.
Type 2 · Usually safe
Soft bounce
Temporary delivery failure. The mailbox exists but the server can't deliver right now — mailbox full, server temporarily down, message too large, recipient OOO with auto-reply that bounces.
4.2.2 — Mailbox full
4.3.0 — System temporary failure
4.4.1 — Connection timeout
Action: Most ESPs auto-retry 3-5 times over 48-72 hours. After 5 consecutive soft bounces, treat as hard and suppress.
Type 3 · Reputation alarm
Block bounce
The receiving server rejected the message specifically because of your sender reputation. Not a list problem — a sender problem. The address is valid but the ISP doesn't trust you. Different reputation systems return different codes.
550 5.7.1 — Spam
550 5.7.0 — Rejected by policy
421 4.7.0 — Try again later (throttle)
Action: Stop sending immediately to that ISP. Investigate reputation. Don't keep retrying — that worsens the block.
Type 4 · Watch closely
Deferral
The receiving server delayed acceptance. Often a soft warning the ISP wants you to slow down. Common with new domains, large send-rate spikes, or partial reputation problems. Becomes a hard bounce if deferred too long.
450 — Mailbox unavailable, try later
451 — Local error, try later
452 — Insufficient storage
Action: Reduce send rate; let queue drain. Persistent deferrals = early-stage reputation problem.

The critical operational distinction: hard bounces affect list quality reputation; block bounces affect sender reputation. They look similar in bounce reports but require completely different responses. Most ESPs lump them together as "bounce rate," which obscures the diagnostic. A serious outbound program tracks the four types separately and investigates spikes in each independently.

03SMTP reply codes you should know

SMTP returns a three-digit code with every delivery attempt. The first digit tells you the outcome category. Most outbound operators never look at the codes; the ones who do diagnose problems hours instead of weeks. Quick reference for the codes that matter:

Code
Meaning
Classification
250
OK — message accepted for delivery. The success code. Server-to-server transfer complete (not the same as inbox placement).
Success
421
Service not available — try again later. Usually a soft throttle. Sometimes a sender-reputation warning. Repeated 421s = back off send rate.
Soft / defer
450
Mailbox temporarily unavailable. Standard soft bounce. Auto-retry usually resolves.
Soft
451
Requested action aborted: local error. Server-side issue, not your problem. Retry.
Soft
452
Insufficient system storage. Recipient mailbox is full. Often auto-replies bounce with this.
Soft
550
Requested action not taken — mailbox unavailable. Could mean user unknown, domain blocked, or policy rejection. Read the extended status to disambiguate.
Hard
550 5.7.1
Message rejected as spam. The address exists but the message was flagged. Sender reputation or content problem, not list problem.
Block
551
User not local — please forward. Rare. Usually indicates a moved mailbox or misconfigured server.
Hard
552
Message exceeds storage allocation. Often hits when sending to old archive accounts with no space.
Hard
553
Mailbox name not allowed. Address syntax invalid or rejected by server policy.
Hard
554
Transaction failed. Often returned by reputation-based blocks (Spamhaus listing, blocklist match). Investigate sender reputation immediately.
Block

Two practical uses for this reference. First, when triaging a bounce spike, sort the bounces by code and look at the dominant pattern: lots of 5.1.1 = list quality; lots of 550 5.7.1 = reputation; lots of 421 = throttling. The fix differs for each. Second, when a single ISP starts blocking you, the code their server returns usually tells you which reputation system flagged you (Spamhaus, SpamCop, Microsoft SmartScreen, etc.) — which determines where to file the delisting request.

04The thresholds that matter

Where the bounce-rate lines are. These are the bands every outbound ops team should treat as governing constraints, not aspirational targets:

Bounce rate health bands
Healthy
Warning
Danger
0 – 2%
2 – 5%
5%+
0-2% · HealthyThe level a properly verified list operates at. ISPs read this as a trustworthy sender. No reputation impact.
2-5% · WarningSomething's wrong upstream. ISPs notice but don't usually act yet. Diagnose the source and fix within 2 weeks before damage compounds.
5%+ · DangerISPs are actively penalizing. Reputation degrading week-over-week. Throttling, blocks, and full domain blacklisting follow if sustained.

Two nuances most teams miss:

The 2% line is a hard bounce threshold, not a total bounce threshold. Soft bounces matter less because they're often transient. A 4% total bounce rate with 1% hard / 3% soft is mostly fine. A 2% total bounce rate with 2% hard / 0% soft is alarming. Track them separately.

The thresholds are per-campaign, not per-quarter. A single campaign with 6% bounce rate damages reputation more than four campaigns at 1.5% averaging the same. ISPs react to per-batch behavior; the average over time is largely meaningless. The implication: never run a single high-bounce campaign "just to test," even if your overall average is fine. Each campaign is judged on its own.

05Day-by-day domain death timeline

What actually happens to a sending domain that sustains a 4% hard bounce rate, day by day. This is reconstructed from postmortems of real domain-burn incidents:

A typical reputation collapse · 4% sustained hard bounce
Day 0
Bad list uploaded. 5,000-contact CSV from a list broker. No pre-send verification. Sequence kicks off.
Setting up
Day 1
First 1,000 sends. 42 hard bounces (4.2%), 11 soft. Reputation systems start logging the pattern. No visible impact yet.
Watching
Day 3
Cumulative ~3,000 sends. Gmail's spam folder starts collecting messages from this domain. Open rates dropping. Team assumes copy problem and "tests new subject lines."
First signs
Day 5
Spamhaus listing. Domain added to a major blocklist due to hard-bounce pattern. ~30% of corporate inboxes now reject outright. Some bouncebacks include 554 codes naming Spamhaus.
Reputation hit
Day 7
Microsoft blocks. Outlook.com / Hotmail start returning 550 5.7.1. All Microsoft 365 corporate domains begin spam-foldering. Real bounce rate now looks like ~12% because block bounces are stacking on hard bounces.
Major ISP block
Day 10
Gmail throttling. Gmail starts returning 421 deferrals. Send rate drops to 20% of intended throughput. Engaged-recipient sub-segment also affected — reputation contagion.
Sending degraded
Day 12
Domain effectively dead. Real inbox placement <30%. Even warm prospects who would have engaged aren't receiving the messages. Pipeline impact starting to show.
Domain burned
Day 14-90
Recovery. Stop sending. File delisting requests with Spamhaus, Microsoft. Wait. Restart with verified list, low volume. Real recovery takes 6-12 weeks; full reputation rebuild can take 6 months.
Recovery period

Two things to internalize from this timeline. The early signs are invisible — through day 3, nothing obvious is wrong from the operator's view; the team is debugging copy when the actual problem is data quality. By the time blocks become visible (day 5-7), the damage is mostly done. The recovery is months, not weeks — the asymmetric cost of bounces is why prevention is so disproportionately valuable. A single bad batch costs more in lost pipeline than years of verification fees combined.

06The pre-send verification stack

The three-layer verification stack that catches roughly 95% of bounces before any email leaves your sending infrastructure. Layer them; each catches a different failure mode:

Layer 1 · Free
Syntax + format check
Regex validation: does this look like an email address? Catches typos, missing @, double dots, illegal characters.
Catches ~30% of bad addresses. Free, runs in microseconds.
Layer 2 · Cheap
MX record lookup
Does the domain have valid mail-exchange records? Domains without MX records can never receive email — sending to them = guaranteed hard bounce.
Catches another ~25%. Costs ~$0.0001 per check.
Layer 3 · Pays for itself
SMTP ping verification
Open an SMTP connection to the recipient's server, issue RCPT TO, see if accepted — without actually sending. Definitive answer for ~95% of remaining addresses.
Catches another ~40%. Costs ~$3-5 per 1,000. Services: NeverBounce, Kickbox, ZeroBounce, Bouncer.

The economics are decisive. A 5,000-contact list verified at $4/1,000 = $20. The same list sent without verification with ~5% hard bounce rate puts your sending domain at risk; the expected cost of a domain burn (lost pipeline + 6-12 weeks recovery) is conservatively in the $50K-200K range for any team doing serious outbound. Verification ROI is measured in domain-life-saved. The teams that skip this step are gambling with their entire outbound program for $20 savings.

What good verification actually looks like

Run verification at three moments:

  • At ingestion. Whenever a new contact enters your database — from a list buy, a scrape, a webhook, a manual import — verify it. Reject anything below 90% confidence.
  • At send time. Re-verify any contact you haven't emailed in 90+ days. Mailboxes go stale; employees leave; what was valid 6 months ago may not be now.
  • After bounces. When a hard bounce occurs, immediately verify the rest of the same batch. Hard bounces cluster by source — one bad one means others are likely in the same upload.

07The recovery playbook

If your bounce rate spike has already happened and reputation is degrading, here's the recovery sequence:

  1. Stop all sending from the affected domain immediately. Counter-intuitive but essential. Every additional send compounds the damage. Pause, don't continue at lower volume.
  2. Identify the bad data source. Sort recent bounces by source/upload/list-name. Almost always one bad batch is responsible for >80% of bounces. Find it.
  3. Suppress every contact from the bad source. Not just the ones that already bounced — the whole batch. The ones that haven't been sent to yet are mostly bad too; sending to them continues the bleed.
  4. Verify everything you intend to keep sending to. Run your remaining list through Layer 3 SMTP verification. Suppress anything that fails or returns risky/catchall results.
  5. Check blocklists. Query MXToolbox or similar for your sending domain + IP across the major blocklists (Spamhaus, SpamCop, Barracuda). File delisting requests for any matches — most are honored within 24-72 hours if you've actually fixed the problem.
  6. Restart sending at 20% of prior volume. Resume slowly. Send only to your highest-engagement segment first. Build engagement signals back up before reintroducing colder prospects. 2-3 weeks at reduced volume.
  7. Set a hard pre-send verification rule and enforce it. The cause was upstream; the prevention has to be upstream. Make verification a non-skippable step in your data pipeline, with a default-deny on any new source that hasn't been audited.

Most teams running this playbook recover meaningfully within 4-6 weeks. Teams that skip step 1 (continued sending at reduced volume) almost never recover — the ISPs interpret continued bad-list sends as a sender who knows about the problem and is choosing to keep doing it, which is the worst reputation signal a domain can emit.

08Common mistakes

Mistake 1
Tracking total bounce rate as a single number. Hard / soft / block / deferral mean very different things and need different responses. A 4% total bounce rate is fine if it's mostly soft; alarming if it's mostly hard. Most ESP dashboards lump them together — re-segment them yourself.
Mistake 2
Skipping verification because "the list came from a trusted source." Even contacts from your CRM, from previous customers, from forms — all decay. ~30% of any list older than 24 months has invalid addresses now. List source doesn't matter; freshness does. Verify regardless of origin.
Mistake 3
Retrying hard bounces. Hard bounces are permanent. Re-sending wastes ISP-server capacity and signals to filters that you're ignoring delivery feedback — a strong negative reputation signal. Suppress immediately, don't retry, don't re-add later "to see if it's fixed."
Mistake 4
Continuing to send during a reputation crisis. The natural reaction to dropping deliverability is "we need to send more to make up the gap." This is exactly wrong. More sends with a damaged reputation = more bounces, more blocks, more reputation damage. The right move during a crisis is to send less, not more.
Mistake 5
Buying lists and verifying after. Verification doesn't make a bought list safe. Most list-broker contacts are old, unwanted, or already on spam-trap lists (which verification can't reliably detect). A "verified" purchased list is still a purchased list, and ISPs increasingly recognize the patterns. The right discipline is to never buy lists; the second-best is verification + heavy suppression of any source you didn't generate yourself.
Mistake 6
Treating bounces as an ESP problem. Switching ESPs to "fix bounce rate" is the most common mis-diagnosis. The ESP isn't generating the bounces — your list is. Switching ESPs just spreads the bad list to a new sending environment, which damages the new environment too. Fix the list before considering ESP changes.
Try Mama free

Bounce problems start with the list. The list problem starts with the source.

The cheapest way to keep bounce rates under 2% isn't a better verification service — it's sending to contacts you found via real signals rather than purchased lists. Mama's contact data is sourced from active enrichment of real companies showing real signals, with email verification built in. Less work, lower bounce rate, no domain risk.

Start free trial → Read the deliverability deep-dive