Bounce Handling Infrastructure

Bounce handling infrastructure processes delivery failures properly: parsing each bounce, classifying its reason, deciding whether the problem is the recipient or your own sending, and acting — suppressing confirmed hard bounces immediately and globally, retrying soft bounces by reason before suppressing. It is a pipeline, not an "auto-remove hard bounces" checkbox. Two things most setups miss: a large share of bounces arrive out-of-band and never reach the sending logs, and a bounce spike is usually a symptom of an authentication, reputation or list problem, not just bad addresses. MCSNET runs this across platforms from Toronto, on infrastructure where we also see the delivery side.

Key takeaways

  • Hard bounces (5xx) are permanent — suppress after one failure, globally across every list. Soft bounces (4xx) are temporary — retry by reason, then suppress after repeated failures.
  • Bounce labels can't be trusted — classification is a parsing problem, since platforms disagree and receivers return messy codes, so the raw reply must be read.
  • Not every bounce is the recipient's fault — a rate-limit or policy rejection is a sender-side problem, and suppressing the recipient for it is wrong.
  • Many bounces arrive out-of-band as asynchronous DSNs the sending logs never see — a complete pipeline captures both paths.
  • A bounce spike is usually a symptom of an auth, reputation or list problem — good handling surfaces the cause rather than hiding it behind a generic label, run from Toronto under PIPEDA.

Bounce handling looks like the most boring part of email — failures come back, you remove the bad addresses, done. It is also one of the easiest parts to get quietly wrong, in ways that remove good contacts, leave dead ones in place, and hide the real reasons your mail is failing. A bounce is not just an address to delete; it is a message from a receiving server about what happened, and reading it correctly is the difference between a clean list and a slowly poisoned one. This page is about bounce handling done as actual infrastructure — parsing, classifying, scoping and suppressing properly — rather than the auto-remove checkbox that passes for it in most setups.

What is a bounce, and how do hard and soft differ?

A bounce is a delivery failure returned by a receiving mail server, and the first and most important split is between permanent and temporary. A hard bounce is a permanent failure, carried by 5xx SMTP codes — the address does not exist, the domain has no mail server, or your domain has been blocked — and it should be suppressed immediately, after a single occurrence, because continuing to mail it actively damages your reputation. A soft bounce is a temporary failure, carried by 4xx codes — a full mailbox, a server timeout, greylisting, a transient rejection — and it may well succeed on a later attempt, so it should be retried and only suppressed if it persists. The practical rule is decisive suppression for confirmed hard bounces and patient, reason-based handling for soft ones, treating a soft-bouncing address as dead only after it fails repeatedly across several sends.

Hard bounceSoft bounce
NaturePermanent failureTemporary failure
SMTP code5xx (e.g. 550)4xx
Typical causeInvalid address, no domain, blockedFull mailbox, timeout, greylisting
ActionSuppress immediately, globallyRetry; suppress after repeated failures
TimingOne event3–5 consecutive failures

How bad can a bounce problem get?

Worse than the small size of the numbers suggests, because the consequences cascade across your whole sending. Mailbox providers read your bounce rate as a direct signal of list quality, so a high rate tells Gmail, Outlook and Yahoo that you mail invalid addresses — and the penalties escalate predictably from heavier spam filtering to a lower domain reputation to outright throttling. A hard bounce rate above two percent can trigger inbox suppression across your entire sending domain, so even your transactional mail starts landing in spam. The most dangerous pattern is the cascade: an old or unverified list produces a sudden hard-bounce spike, and the provider responds by soft-bouncing your legitimate mail as punishment, a downward spiral that takes weeks of careful sending to reverse. Against that, the benchmark for a well-managed program is a total bounce rate under one percent, which is achievable but only with bounce handling that runs after every send, not occasionally.

Classifying bounces: why the codes can’t be trusted

It is tempting to treat the hard-or-soft label your platform shows as the truth, and that is the first mistake. There is no universal standard for bounce classification: one sending platform labels a particular reply hard while another calls the identical reply soft, receiving servers frequently return ambiguous or non-standard codes, and the enhanced status codes that should disambiguate are often missing or wrong. A generic “hard bounce” flag is therefore a product decision as much as a fact, and acting on it blindly removes good addresses on misreads and misses real failures. Proper classification parses the actual SMTP reply code, the enhanced status code, and the raw bounce text together, then maps the event to a specific reason — invalid user, invalid domain, disabled mailbox, mailbox full, transient, rate limit, policy, or unknown. The cases that do not map cleanly get quarantined for review rather than suppressed on a guess. Reading the reply, not trusting the label, is what keeps the list accurate.

Is every bounce the recipient’s fault?

No, and this is the distinction that separates real bounce handling from naive removal. Not every bounce means the recipient’s address is bad — many bounces are telling you something about your own sending. A rate-limit rejection means you are sending too fast for that provider; a policy rejection or a blocklist-driven 5xx means your IP or domain reputation has a problem; a content rejection points at your message. In all of these, the recipient is fine, and suppressing them would remove a good contact while hiding the actual issue. This is why a proper pipeline decides the scope of every bounce — whether the problem belongs to the recipient, the sending IP, the domain, or the campaign stream — and acts accordingly, suppressing the recipient only when the recipient is genuinely the cause. Separating recipient failures from sender-side rejections is what lets bounce data point at a reputation or authentication problem instead of silently deleting innocent addresses.

parsecode+enh+rawclassifyreasonscopewho’s at fault?hard recipient → suppress globallysoft recipient → retry over windowsender-side → don’t suppress; flag repambiguous → quarantine for review
Parse, classify, scope, then act — with sender-side rejections and ambiguous cases handled differently from a clean recipient failure.

How should soft bounces be handled?

With patience and by reason, because a soft bounce mishandled becomes either a lost contact or a self-inflicted penalty. The right response depends on why the bounce happened: greylisting just needs a short delay before a retry, a full mailbox calls for progressively longer backoff, and a rate-limit or throttling soft bounce is best answered by reducing volume rather than retrying harder, since retrying into a throttle makes it worse. The counting also matters more than it seems. For a sender who may mail the same person several times in a day, a soft bounce should be counted by bounce-days rather than raw messages — one recipient with a full mailbox who receives five campaigns on Monday is one soft-bounce day, not five strikes, and pending retries should stay tied to that same recipient-day rather than each becoming a new penalty. Only after an address soft-bounces across several consecutive days, or a mailbox stays full long enough to look abandoned, does it graduate to suppression. Handled this way, soft bounces clean the genuinely dead addresses without discarding the temporarily unreachable ones.

Suppression must be global

A suppression that applies to one list and not the rest is barely a suppression at all. When an address is confirmed as a hard bounce, it has to be removed from active sending everywhere — every list, every segment, every automation and sequence — not just the campaign that surfaced it, because the same dead address sitting on three other lists will keep generating bounces and keep damaging your reputation. The suppression also has to be durable: a globally suppressed address should not be silently re-imported or re-subscribed back into sending, which means the suppression list is authoritative and a re-import cannot quietly override it. This is the central function of bounce infrastructure, and it is exactly what generic per-list bounce flags fail to do — they stop one list from mailing an address while leaving it live on every other. Global, durable suppression is what actually keeps the dead addresses dead.

Catching every bounce: the two paths

A bounce pipeline is only as good as the bounces it actually sees, and a large share of them arrive by a path most setups ignore. Some bounces are in-band — the receiving server rejects during the SMTP conversation, and your sending system records the failure directly. But many bounces are out-of-band: the server accepts the message and then sends an asynchronous delivery-status notification back to your return-path afterward, and because this happens after the connection closed, it never appears in the sending system’s own logs. Operators consistently find these out-of-band DSNs are a large fraction of all bounces, often the larger one. A pipeline that processes only the in-band failures therefore misses much of the problem, leaving dead addresses on lists while the dashboards look clean. Complete bounce handling captures both — the in-band rejections and the out-of-band notifications arriving at the return-path — which is precisely the gap that simple, one-path setups leave open, exactly as it appears in a MailWizz and PowerMTA integration.

The honest truth: a bounce spike is a symptom

The most valuable thing bounce handling can do is tell you when the bounces are not really about the addresses. A sudden rise in bounces is frequently a symptom of something deeper — broken authentication causing rejections, a reputation problem prompting policy bounces, a blocklisting, or simply a stale segment that should never have been mailed. A system that responds by silently deleting the bounced addresses cleans the symptom and buries the cause, so the underlying problem keeps producing bounces while you keep removing contacts. Good bounce infrastructure does the opposite: it surfaces the pattern, distinguishing a wave of invalid-user hard bounces from a wave of policy rejections, so you can see that the real issue is authentication or reputation rather than list quality. The goal, as experienced operators put it, is clean lists without hiding authentication, reputation, or strategy problems behind a generic hard-bounce label. Bounce data, read properly, is diagnostic — and that is most of its value.

Prevention beats handling

The cleanest bounce is the one that never happens, so prevention sits in front of handling. The single most effective measure is pre-send verification — running a list through validation before a major send catches the invalid addresses that would otherwise bounce, and is the difference between a hard bounce rate above two percent and one comfortably under half a percent. Real-time verification at the point of capture stops bad and mistyped addresses from entering in the first place, re-verifying any segment you have not mailed in ninety days catches the decay that accumulates at a few percent a month, and never buying or scraping lists avoids the invalid addresses and spam traps those carry. Role-based addresses, which bounce far more often than personal ones, deserve extra scrutiny. None of this replaces bounce handling — failures still happen on even the cleanest list — but it dramatically reduces the volume the pipeline has to manage, and it keeps your bounce rate in the range where reputation stays healthy.

How we run bounce handling for you

With MCSNET, bounce handling is run as the infrastructure it should be, not a checkbox. We parse every bounce for its SMTP code, enhanced code and raw reply, classify it by reason, and decide its scope — recipient, IP, domain or stream — before acting. Confirmed hard bounces are suppressed immediately and globally across every list and automation, durably, so they cannot be re-imported back into sending; soft bounces are retried by reason over a sensible window and suppressed only when genuinely dead; ambiguous cases are quarantined for review rather than removed on a guess. We capture both the in-band rejections and the out-of-band DSNs that one-path setups miss, and because we run the delivery layer too, we read bounce patterns alongside reputation, feedback loops and monitoring to surface the root cause when a spike is really an authentication or reputation problem. The result is clean lists and honest diagnostics, not silent deletion.

# mcsnet · bounce handling · brand.example (last send)
parsed        12,418 events · code+enhanced+raw
hard recip    198 → suppressed globally  done
soft recip    341 → retry window (greylist/full)
sender-side   57 rate-limit → NOT suppressed  # flagged: gmail throttle
ambiguous     9 → quarantined for review
out-of-band   return-path DSNs captured  both paths
rate          hard 0.4% · total 0.9%  healthy
signal        gmail throttle = sending issue, not list

Why work with us?

Because we treat bounces as information, not just garbage to remove. Anyone can flag a hard bounce; far fewer parse the raw reply, scope it correctly, suppress globally and durably, capture both bounce paths, and tell you when a spike means your authentication broke rather than your addresses went bad. Because we run the delivery infrastructure on our own IPs from Toronto, we see both sides of every bounce and can connect it to the reputation and monitoring data that explains it, and your suppression and contact data stay resident in Canada under PIPEDA. We build the pipeline that keeps your lists clean without hiding the problems a generic auto-remove would bury — which is the difference between a list that is merely smaller and one that is actually healthy.

Who this is for, and who it is not

It is for senders and platforms whose bounce handling has outgrown a checkbox — high-volume operations, ESPs and agencies for whom a poisoned list or a hidden reputation problem is a real cost, and anyone who suspects their current setup is removing good contacts, missing out-of-band bounces, or burying diagnostic signals. It is for white-label operators who need scoped, global suppression across many tenants. It is not, on its own, for a small sender whose ESP’s built-in handling genuinely suffices for a modest, well-verified list — we will say so rather than over-engineer. Bounce handling pairs with the feedback-loop complaint processing it sits beside, the reputation and monitoring it feeds, and the verification that prevents bounces upstream. Run as real infrastructure — parsed, classified, scoped, suppressed globally, and read for what it reveals — bounce handling stops being janitorial and becomes one of the clearest windows you have into the health of your sending.

Frequently asked questions

What's the difference between a hard and a soft bounce?
A hard bounce is a permanent failure, signalled by 5xx SMTP codes — the address doesn't exist, the domain has no mail server, or you've been blocked outright. It should be suppressed immediately, after a single failure, and globally across all your lists. A soft bounce is a temporary failure, signalled by 4xx codes — a full mailbox, a server timeout, greylisting, or a transient rejection — and it may succeed on retry, so it should be handled over a window rather than suppressed at once. The standard rule is to suppress confirmed hard bounces on the first event and to treat a soft-bouncing address as dead only after it fails repeatedly, usually three to five consecutive sends.
Why do my bounces get classified wrong?
Because bounce classification is a parsing problem, not a reliable label, and treating it as a label is exactly what goes wrong. There is no universal standard for what counts as hard versus soft — one sending platform classifies a given reply as hard while another calls the same reply soft, and receiving servers do not always return clean enhanced status codes, so a generic 'hard bounce' flag is often a product decision rather than the truth. Proper handling parses the actual SMTP code, the enhanced status code, and the raw bounce text together, classifies by reason, and quarantines ambiguous cases for review rather than permanently suppressing an address on a misread. Trusting the label without reading the reply is how good addresses get wrongly removed and real problems get hidden.
Should I suppress an address that hit a rate limit?
No — and this is one of the most important distinctions in bounce handling. A rate-limit or policy rejection is a sender-side problem, not a recipient one: the receiving server is telling you something about your sending, not that the recipient's address is bad. Suppressing the recipient in that case removes a perfectly good contact and hides the real issue, which is that your IP or domain reputation, or your sending rate, needs attention. Good bounce handling decides the scope of every bounce — whether the problem belongs to the recipient, the sending IP, the domain, or the campaign stream — and only suppresses the recipient when the recipient is actually the problem. Separating recipient failures from sender-side rejections is what keeps bounce handling honest.
How high a bounce rate is dangerous?
Lower than many people assume, because the penalties cascade. A total bounce rate under one percent is the mark of a well-managed list, under two percent is generally acceptable, and a hard bounce rate above two percent can trigger inbox suppression across your entire sending domain — meaning even your legitimate and transactional mail starts going to spam. Worse, a sudden hard-bounce spike, the kind an old or unverified list produces, can prompt a provider to begin soft-bouncing your good mail as a punishment, a cascade that is hard to reverse. This is why bounces have to be caught and suppressed after every send rather than periodically, and why prevention through pre-send verification matters so much.
Does an ESP not handle bounces automatically?
Most do something, but 'something' is often a generic auto-removal that hides as much as it helps. Many platforms simply flag an address as bounced and, at best, stop sending to it on that one list, without reading the raw reply, without applying suppression globally across every list and automation, without distinguishing recipient problems from sender-side ones, and without surfacing that a spike points to an authentication or reputation issue. That leaves dead addresses on other lists, removes good contacts on misclassified bounces, and buries diagnostic signals. Real bounce infrastructure parses, classifies, scopes, suppresses globally, and reports the underlying cause — which is the difference between a checkbox and a system you can actually trust.
Talk to the team that runs the MTA, not just the box.
Toronto-based, PIPEDA-aligned email infrastructure — licensed, configured, and monitored.
Configure a server