New Google suite email account can't receive

[Velvis]

I'm trying to setup a second user on a Google suite account but the new account can only send. Any incoming email gets bounced with the following error:
The response from the remote server was:
550 5.4.1 Recipient address rejected: Access denied. [BN3PEPF0000B36D.namprd21.prod.outlook.com 2024-09-13T00:32:24.123Z 08DCD252F6340659]error:

The first user account has been setup for years and works perfectly.

Basic research mentions thinks like mx records and what not, but the other account works perfect.

Any suggestions?

 

[Sky-Knight]

Error, cloud propagation delay detected.

Seriously, try it again tomorrow. If that doesn't work, delete it and remake it. Some replication bit somewhere hasn't completed yet.

 

[Velvis]

Ok, it's already been a few days. I guess I'll delete it and try again.

Thank you!

 

[Velvis]

Still having the same issue with a new account. I can send from it but when I try to send to it I get a message blocked error with the following specifics:
The response from the remote server was:
550 5.4.1 Recipient address rejected: Access denied. [MN1PEPF0000F0E4.namprd04.prod.outlook.com 2024-09-17T00:41:05.519Z 08DCD1900AA44DAB]

 

[Sky-Knight]

The error is coming from an M365 mail server, but you're talking about a user on GSuite.

Methinks someone had an account compromised, and Microsoft has "just said no".

Might be SPF / DKIM / DMARC issues too. But that error isn't from Google, you're looking at a ticket to Microsoft from your side to find out WTF is going on.

Try emailing it from something not Microsoft, see if it works.

 

[callthatgirl]

Try logging into office.com/myaccount with that 2nd email address, it's possible they have a home account connected in there from the old broken server from 2017. I just fixed an issue just like this the other day. I removed the email from the personal MS account and it worked again.

 

[Velvis]

The error is coming from an M365 mail server, but you're talking about a user on GSuite.

Methinks someone had an account compromised, and Microsoft has "just said no".

Might be SPF / DKIM / DMARC issues too. But that error isn't from Google, you're looking at a ticket to Microsoft from your side to find out WTF is going on.

Try emailing it from something not Microsoft, see if it works.

So, I created another email account through Google workspace using a different username. So instead of the jshmoe@customdomain.com I created a completely new account joe@customdomain.com. Unfortunately, the results are the same. I can log into gmail.com using joe@customdomain.com and successfully send an email, but when I try sending to joe@customdomain.com I get the same error message:

The response from the remote server was:
550 5.4.1 Recipient address rejected: Access denied. [BL6PEPF0001AB4C.namprd04.prod.outlook.com 2024-09-17T02:10:59.463Z 08DCD1D4F028DEEA]

However when I sent a test message from my old hotmail account I get a more verbose error:

BL02EPF00021F6B.mail.protection.outlook.com rejected your message to the following email addresses:

joe@customdomain.com (joe@customdomain.com)
Your message was rejected by the recipient's domain because the recipient's email address isn't listed in the domain's directory. It might be misspelled or it might not exist. Try to fix the problem by doing one or more of the following:

1. Send the message again - delete and retype the address before resending. If your email program automatically suggests an address to use, don't select it - type the complete email address.
2. Clear the recipient Auto-Complete List in your email program by following the steps in this article. Then resend the message.

For Email Administrators
Directory based edge blocking is enabled for the recipient's organization and the recipient wasn't found in their directory. If the sender is using the correct address but continues to experience the problem, contact the recipient's email admin and tell them about the problem. To fix this they should resynchronize their on-premises and cloud directories.

I was hopeful this would be helpful, but a google search is telling me directory based edge blocking is an exchange feature. Which lines up with the block seeming to come from Microsoft ( BL02EPF00021F6B.mail.protection.outlook.com)

Since I have tried it with two different usernames it seems unlikely they were previously tied to a MS account. He is also a new employee so there is no reason to think that username@domain would ever have been used before anywhere.

Maybe the domain itself was previously hosted on exchange, but why would the owners email work fine?

Confused...

 

[timeshifter]

Are you sure you've got a properly licensed mailbox and not just a "free" account. It's a little tricky to create one, they're called Cloud Identity or something like that.

Also, as @Sky-Knight mentioned try sending from an email account that is not handled by Microsoft. An @icloud.com or @yahoo.com or @aol.com or @yourisp.com or whomever.

I wouldn't spend a whole lot more time on it without reaching out to Google Workspace support.

 

[Sky-Knight]

Maybe the domain itself was previously hosted on exchange, but why would the owners email work fine?

Confused...

That's easy... they don't. You only think they are.

I cannot assist further unless two things:

1.) You follow instructions perfectly (I asked for a test from a non-Microsoft sender)
2.) You post the actual domain, so I can look at the email configuration for it.

 

[JoelM]

That's easy... they don't. You only think they are.

I cannot assist further unless two things:

1.) You follow instructions perfectly (I asked for a test from a non-Microsoft sender)
2.) You post the actual domain, so I can look at the email configuration for it.

^^^This

 

[Velvis]

So, the issue was the domain was previously on Google Workspace (and his existing email account was still listed there so it looked like everything was active and the proper host at first glance.) but it is currently hosted with MS. Once we dug up his MS credentials, I was able to log in and create the new user and it all worked fine. He had forgotten he switched from Google to MS a few years back.

Thanks for the tips and point in the right direction!

 

[Sky-Knight]

So, the issue was the domain was previously on Google Workspace (and his existing email account was still listed there so it looked like everything was active and the proper host at first glance.) but it is currently hosted with MS. Once we dug up his MS credentials, I was able to log in and create the new user and it all worked fine. He had forgotten he switched from Google to MS a few years back.

Thanks for the tips and point in the right direction!

It's always the little things! XD

Please note, being able to send from GSuite for that domain indicates misconfiguration in SPF, DKIM, and DMARC records... The domain is likely to have reputation issues as a result, and be more likely to be relegated into the spam bucket.

 

[timeshifter]

Google Workspace (and his existing email account was still listed there so it looked like everything was active and the proper host at first glance.

Really good shot that he's still paying for that Google Workspace account. He may even be paying more now that you've added TWO email addresses to it. I'd check the billing for him, or tell him to check it.