SMTP response codes fall within three main brackets:
SMTP 200 -> Positive acceptance code. e.g. SMTP 250
SMTP 400 -> Temporary delivery fault (delivery will be retried) e.g. 450
SMTP 500 -> Permanent delivery failure (Non-delivery report (NDR) will be provided to the original sender e.g. 550
| Reason | Definition | Action |
| 450 4.1.1 | rejection when relay check is enabled | Blocked |
| 450 4.1.8 | sender address rejected : domain not found | Blocked |
| 450 4.5.5 | early spam detection (temporarily blocked) | Blocked |
| 450 4.5.6 | temporary failure in MTA - please retry | Blocked |
| 450 4.5.7 | temporary failure in MTA - please retry | Blocked |
| 504 5.5.2 | recipient address rejected : fully - qualified address is needed | Blocked |
| 504 5.5.2 | sender address rejected: fully - qualified address is needed | Blocked |
| 550 5.1.1 | unknown recipient (SMTP check) | Blocked |
| 550 5.2.2 | explicit blocking of sender or recipient address | Blocked |
| 550 5.5.3 | recipient address rejected: multi-recipient bounce | Blocked |
| 552 5.5.2 | message size (content filter) | Blocked |
| 554 5.5.3 | email rejected due to Content Filter Size Limit | Blocked |
| 554 5.5.4 | IP sender address with a negative reputation | Blocked |
| 554 5.5.5 | email rejection due to Spam | Blocked |
| 554 5.5.6 | loop detection | Blocked |
| 554 5.5.7 | email rejected due to content of attachment | Blocked |
| 554 5.6.1 | signature of spam in mail header resp. subject | Blocked |
| 554 5.6.2 | spam link signature detected | Blocked |
| 554 5.6.3 | spam text signature detected | Blocked |
| 554 5.6.4 | virus email blocked | Blocked |
| 554 5.6.5 | TLS encryption required by customer rule | Blocked |
| 554 5.6.9 | Rejected by custom Compliance Filter Rule | Blocked |
| 554 5.7.1 | unknown domain or unknown recipient (LDAP check) | Blocked |
| admin-bl | blacklist controlled by admin | Quarantined |
| ase-bl | individual blacklist controlled by support dept. | Quarantined |
| ase-recap1 | diffuse spam fingerprint | Quarantined |
| ase-rep1 | IP reputation list 1 | Quarantined |
| ase-rep2 | IP reputation list 2 | Quarantined |
| ase-recap4 | diffuse spam fingerprint | Quarantined |
| asespf7-1 | SPF filter variant 1 | Quarantined |
| asespf7-2 | SPF filter variant 2 | Quarantined |
| bodytag | spam signature in mail text | Quarantined |
| bouncetag | bounce mail management | Quarantined |
| dirtyip | reputation filter on IP basis | Quarantined |
| fingerprint | re - captured spam mail by hash | Quarantined |
| header | spam signature in mail header | Quarantined |
| link | ad link | Quarantined |
| rbl50 | pre-stage to 554 5.5.4 but not blocking yet | Quarantined |
| sameip | signature recognition through spam engines | Quarantined |
| score | dynamic content evaluation | Quarantined |
| Score Tag | dynamic content evaluation | Quarantined |
| spam | reputation filter based on sender server | Quarantined |
| spamip-net | IP range of servers with poor reputation | Quarantined |
| spam-sum | spam fingerprint | Quarantined |
| subjecttag | spam signature in subject line | Quarantined |
| user-bl | blacklist controlled by the user | Quarantined |
| wc | spam pattern recognition | Quarantined |
| xarg | bounce attack or individual customer rule | Quarantined |
| zombie | botnet computer | Quarantined |
| Virus-scan01 | Found identical attributes of classified virus emails in metadata | Virus |
| Virus-scan01-XARG-V | Found known virus structure in multiple attributes of the email | Virus |
| Virus-scan02-Header-V | Found virus signature in email header | Virus |
| Virus-scan03-Link-Va | Linking of a compromised URL | Virus |
| Virus-scan04-Body-V | Found virus signature in email body | Virus |
| Virus-scan05-<VirusName> | Virus found – known, classified virus | Virus |
| virus-scan07-doubleextension | Found a file with veiled or faked file type in an archive | Virus |
| Virus-scan07-archive-in.archive | Found nested archives in an archive | Virus |
| virus-scan07-heur-exploit | Found minimum one unknown and potentially dangerous file in an archive | Virus |
| Virus-scan07-fakeoffice2003 | Found macro code of office 2007 in an office 2003 file | Virus |
| virus-scan07-potential-fake-archive | Found an archive with wrong declaration of content type (MIME-Content-Type) | Virus |
| Virus-scan06-<VirusName> | Virus scanner 2 found a virus | Virus |
| Virus-scan08-executable | Found potentially dangerous file in attachment | Virus |
| Virus-scan09-ASEzipHeuristics | Evidence of phishing and suspicious attachment found | Virus |
| Virus-scan09-asehtmlheuristics | Evidence of phishing and suspicious attachment found | Virus |
| Virus-scan09-ASEurl 0xHeuristics | Evidence of phishing and suspicious link found | Virus |
| Virus-scan10-<VirusName> | Indistinct virus message through Heuristic intend analysis | Virus |
| Virus-scan12-AttachmentV | Found virus signature in attachment | Virus |
| Virus-scan13-ASE-PhishingHeuristics | Evidence of phishing and suspicious email header found | Virus |
| Virus-scan14-Short-URL-obfuscation | Links are veiled through nested URL shortening | Virus |
| Virus-scan15-ASE-Phishing | Direct link to malware or phishing website | Virus |
| Virus-scan16-ASE-Phishing-heur | Evidence of phishing and inconsistent sender address | Virus |
| Virus-scan17-ASE-office-macro-exploit | Found evidence of malware and office file with macros, OLE-object or VBS code as attachment | Virus |
| Virus-scan17-office-webarchive-exploit-heur | Evidence of malware and attachment with suspicious content found | Virus |
| virus-scan17-office-rtf-exploit-heur | Evidence of malware and attachment with suspicious content found | Virus |
| virus-scan17-Macro | Evidence of malware and attachment with suspicious content found | Virus |
| Virus-scan17-office-macro | Evidence of malware and attachment with suspicious content found | Virus |
| Virus-scan18 | Evidence of malware and the email was sent by different senders or email servers | Virus |
| Virus-scan21-<Virusname> | Virus message by optional virus scanner 3 | Virus |
| Virus-scan22-<Virusname> | Virus message by optional virus scanner 4 | Virus |
| Contentfilter | Customer defined forbidden attachment | Content |
| atp-url-archive | ATP URL Archive Attack Detection Detection of links, that download archives in delay with malicious content, as they are often used in Blended Attacks. | Virus-ATP |
| atp-phish-domain | ATP Phishing Domains Identification of domains, that were recently related to phishing, for example, through hacked websites. | Virus-ATP |
| atp-sandbox | ATP Sandbox Analyses Attachments are executed in a variety of system environments and their behavior is analyzed. Protects against ransomware and blended attacks. | Virus-ATP |
| atp-ff-spy-out | ATP Fraud Forensics: Spy Out Detection Counter-espionage against attacks trying to obtain sensitive information. | Virus-ATP |
| atp-ff-identity | ATP Fraud Forensics: Identity Spoofing Detection and blocking of forged sender identities. | Virus-ATP |
| atp-ff-fraud-attempt | ATP Fraud Forensics: Fraud Attempt Analyses Checks the authenticity and integrity of metadata and email contents. | Virus-ATP |
| virus-atp02d | ATP HTML Content Attack Detection Dynamic analysis and detection of suspicious patterns in HTML content | Virus-ATP |
| virus-atp02g | ATP URL Zero Day Detection | Virus-ATP |
| ase-aorm | Regular email correspondence | Valid |
| asespf1 | familiar sender, type 1 | Valid |
| asespf2 | familiar sender, type 2 | Valid |
| asespf3 | familiar sender, type3 | Valid |
| ase-wl | individual whitelist controlled by the support dep. | Valid |
| big2 | email size increased email reputation in multi-criteria scoring function | Valid |
| bigmessage | email size increased email reputation in multi-criteria scoring function | Valid |
| body-wl | whitelist signature in mail text, type 1 | Valid |
| body-wl2 | whitelist signature in mail text, type 2 | Valid |
| customer-wl | customer whitelist | Valid |
| header-wl | Whitelist signature in header, type 1 | Valid |
| headerwl2 | Whitelist signature in header, type 2 | Valid |
| knownsender | sender address with positive reputation, type 1 | Valid |
| noreason | un-evaluated email | Valid |
| qsender2 | sender address with positive reputation, type 2 | Valid |
| realbounce | sent via bounce management | Valid |
| score | dynamic contents evaluation | Valid |
| scorewl2 | dynamic contents evaluation, type 2 | Valid |
| sender-ip | IP sender address with positive reputation | Valid |
| subject-wl | whitelist signature in subject line, type 1 | Valid |
| subject-wl2 | whitelist signature in subject line, type 2 | Valid |
| user-wl | whitelist controlled by user | Valid |
| xarg-wl | bounce mail or individual customer rule | Valid |