sfw/fix
454 4.7.0 medium

454 4.7.0 Cannot Authenticate Due to Temporary System Problem

A temporary SMTP AUTH rejection from too many concurrent connections or recent bad-password attempts; back off and retry.

What you see

454 4.7.0 Temporary authentication failure
454-4.7.0 Cannot authenticate due to a temporary system problem. Try again later.
454-4.7.0 https://support.google.com/mail/?p=client-login

What’s actually happening

Your mail client or sending script logs in fine sometimes, then suddenly gets a 454 on AUTH and the send fails. Retry a minute later and it often works. The 4 in 454 means temporary, so the message hasn't bounced yet and the server expects you to try again. You'll see it most on Gmail/Workspace when a script opens many parallel connections or after a few wrong-password attempts in a row.

Common causes

  • Too many simultaneous IMAP/SMTP connections to Gmail (the cap is roughly 10-15 per account); the 16th login gets throttled with 454
  • A burst of failed logins with a stale or wrong password triggers a short anti-abuse lockout
  • Sending the raw account password instead of an app password while 2-Step Verification is on
  • Several devices or scripts reusing the same account and re-authenticating constantly
  • Provider-side rate limiting on the AUTH command after rapid reconnect loops

How to fix it

  1. Back off and retry with exponential delayTreat 454 as transient. Wait 30-60s, then retry, doubling the wait each time (60s, 120s, 240s) up to a cap. Don't hammer AUTH in a tight loop — that extends the lockout.
  2. Cut concurrent connectionsPool and reuse one authenticated SMTP/IMAP connection instead of opening a new one per message. Keep concurrent Gmail connections under ~10. In a mail client, close duplicate accounts configured on other devices.
  3. Switch to an app passwordIf the account has 2-Step Verification, generate a 16-character app password at myaccount.google.com/apppasswords and use that for SMTP/IMAP. The normal password will keep failing AUTH.
  4. Confirm the credentials are currentA recent password change leaves old sessions sending the wrong password, which looks like 454 churn. Update every client and stored credential, then let the lockout window clear.
  5. Enable OAuth2 (XOAUTH2) for scriptsFor automated senders, OAuth2 tokens avoid password-based lockouts entirely and are the supported path for Gmail. Token refresh failures fail more cleanly than repeated bad-password AUTH.

Stop it recurring

Pool one authenticated connection per account, cap concurrency under 10, and use app passwords or OAuth2 instead of the raw password.

Related errors

550 5.4.5 Daily User Sending Quota Exceeded (Gmail / Workspace)

high

The account hit Gmail's rolling 24-hour recipient cap; outbound mail stays blocked until the window clears, with no midnight reset.

552 5.7.0 Message Blocked — Content Presents a Potential Security Issue (Gmail)

medium

Gmail rejected the message because an attachment is a blocked executable type or its virus scan flagged the content.

550 5.7.1 Message rejected by policy (DMARC/SPF/DKIM or blocklist)

high

The receiving server accepted the connection but refused the message on policy grounds — authentication failure or a bad sender reputation.

550 5.1.1 User unknown / recipient address does not exist

medium

A hard bounce: the mailbox in the RCPT TO doesn't exist on the receiving server, so delivery permanently fails.