FIX: 530 5.7.57 Client not authenticated to send mail in Microsoft 365 when using SMTP AUTH.
If you're using an app password to send email from a third-party app through Exchange Online with MFA enabled and you're getting the error "530 5.7.57 The client is not authenticated to send mail," continue reading below to learn how to fix the issue.
Symptom: When multi-factor authentication is enabled, Microsoft 365 users cannot send email through Exchange Online using an app password. Specifically, sending fails with the following error:
ehloCommand:
sendCmdToSmtp:
SmtpCmdSent: EHLO DEVICE_NAME<CRLF>
–sendCmdToSmtp
readSmtpResponse:
SmtpCmdResp: 250-ZR0P278CA0153.outlook.office365.com Hello [DEVICE IP ADDRESS].
.
.
SmtpCmdResp: 530 5.7.57 Client not authenticated to send mail. [ZR0P278CA0153.CHEP278.PROD.OUTLOOK.COM 2025-11-14T09:06:55.312Z 08DE233FA75E26A2]
.
SocketError: WSAECONNRESET An existing connection was forcibly closed by the remote host.
At the same time, the following error is recorded in user's Sign-in logs in Microsoft Entra admin center:
Failure reason: Error validating credentials due to invalid username or password.
Additional Details: The user didn't enter the right credentials. It's expected to see some number of these errors in your logs due to users making mistakes.
The error "530 5.7.57 The client is not authenticated to send mail" is usually caused because the user's credentials are incorrect. However, in cases where multi-factor authentication is enabled, the error occurs because the SMTP AUTH setting for the user account has been turned off or because the public IP Address of the device from which the email is sent is not trusted.
How to FIX: Error 530 5.7.57 – Client not authenticated to send mail in Microsoft 365 using SMTP AUTH with MFA Enabled.
Step 1. Enable SMTP Authentication (AUTH) on the User Account's Mailbox.
1. In Microsoft 365 admin center, go to Users > Active Users and click on the user who is receiving the error "Client is not authenticated to send mail."
2. In Mail tab click Manage email apps.
3. Here check the "Authenticated SMTP" box and click Save.
Step 2. Allow email to be sent from the device's public IP address in Anti-spam policy.
1. From the client-side error message or from the user's sign-in logs in the Microsoft 365 Entra admin center, find the public IP address of the device from which you are trying to send emails.
2. Then, navigate to Microsoft Defender portal and go to Email & collaboration > Policies & rules > Threat Policies > Anti-spam.
3. On the Anti-spam policies settings page, click on Connection filter policy (Default).
4. Here click Edit connection filter policy
5. Now, enter the public IP address of the device that cannot send email due to the mentioned error and then press Enter. Then click Save.
6. Try again to send email from the device.
Optional Step. Enable SMTP AUTH protocol for your organization.*
* Note: Apply the instructions on this step, only if you want all users in your organization to send emails using SMTP AUTH.
1. Navigate to Exchange admin center > Settings > Mail flow.
2. In Mail Flow settings, under Security, uncheck the box "Turn off SMTP AUTH protocol for your organization" and click Save.*
* Note: For better security, keep this setting checked to disable SMTP Authorization for your entire organization and only enable SMTP AUTH only for the users your want send email using SMTP authorization, using the instructions in step 1 above.
Additional help.
Below are the correct SMTP settings for any third-party program you use to send email through Exchange Online, if multi-factor authentication is enabled.
- Server Name: smtp.office365.com
- Port Number: 587
- Encryption Method: STARTTLS or TLS
- Authentication: YES
- Username Your Microsoft 365 email address.
- Password Your App Password.*
* To create an app password for any third-party app that doesn't support Multifactor authentication, go to https://myaccount.microsoft.com/ > Security info > Add Sign-in method > App Password.
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
What is the '530 5.7.57 The client is not authenticated to send mail' error in Microsoft 365?
This error occurs when a Microsoft 365 user with multi-factor authentication enabled tries to send email through Exchange Online using an app password and the SMTP AUTH setting is off or the public IP address of the sending device is not trusted.
How can I enable SMTP Authentication for a user account in Microsoft 365?
To enable SMTP Authentication, go to Microsoft 365 admin center, navigate to Users > Active Users, select the user, click on the Mail tab, and then Manage email apps. Check the 'Authenticated SMTP' box and save your changes.
What should I do to trust the public IP address of my device for sending emails?
Identify the public IP address from the error message or sign-in logs. Then, navigate to Microsoft Defender portal, go to Email & collaboration > Policies & rules > Threat Policies > Anti-spam, edit the Connection filter policy, and add the IP address to the trusted list.
What are the SMTP settings for sending emails through Exchange Online with MFA enabled?
Use the following settings: Server Name: smtp.office365.com, Port Number: 587, Encryption Method: STARTTLS or TLS, Authentication: YES. Use your Microsoft 365 email address as the username and an app password for the password.
