Bounce 5.0.0 Unable ... diagnostic code

Introduction

Attempts to send a Zivver message may result in a non-delivery report (NDR), also called a bounce message. The bounce message appears as follows:

5.0.0 Unable to specify specific reason due to missing diagnostic code

This occurs when Zivver cannot deliver the message to the recipient.

For the error Bounce 5.3.0, refer to Bounce 5.3.0 Unable … delivered; 5.3.0.

There are two main reasons for this bounce:

Misspelled domain name
In most cases, this issue occurs when the recipient email domain does not exist, for example due to a typing mistake in the recipient’s email address.

Technical issues
Zivver may be unable to deliver the message due to a technical problem with the secure protocols. Examples include DANE, PANE, or NTA 7516, when Zivver requires a minimum security level for the message.

Example causes:

  • Incorrect DNSSEC configuration.
  • Expired TLS certificate.
  • Expired NTA 7516 DNS record.

Note
  • Check for typing mistakes first before examining technical causes.
  • Only after these issues are resolved can the mail system deliver the message.

Causes and Solutions

Typo in the domain name

A typo in the domain name can trigger this NDR. For example, zivver.n is incorrect; the correct domain name is zivver.com.

Diagnose
Verify the recipient’s email address. Ensure the domain part (after the @) is correct.

Technical check
Verify that an MX (mail exchanger) record exists for the recipient’s domain.

Solution
Correct the typo.

Note
Disclaimer: If the issue is not due to a typo in the recipient’s domain, we recommend sharing this document with your IT administrator. They can help resolve the problem.

Receiving mail server unavailable

The recipient mail server is unavailable, e.g., due to a DNS problem. The server does not receive messages because it is not operational.

Diagnose
Have your administrator perform the following:

  1. Check the domain's MX records to locate the recipient mail server.
  2. Test whether the mail server responds.
    For example, use Telnet, PowerShell, or OpenSSL.

Solution
If the server does not respond, contact the recipient so they can resolve the issue.

Invalid NTA 7516 certificate

The receiving party claims to be NTA 7516 compliant, but the NTA 7516 MX server certificate is invalid or expired.

Tip
You can verify NTA 7516 compliance using the domain DNS records. For more information, refer to Maak interoperabiliteit conform NTA 7516 kenbaar (in Dutch) in our NTA 7516 compliance manual.

Diagnose
Have your administrator:

  1. Check the recipient's NTA 7516 DNS record to locate the NTA 7516 MX server.
    The MX server is listed after ntamx=10 in the record.
  2. Inspect the NTA 7516 MX server certificate for warnings or discrepancies.
    Use an online tool. For example, check the NotAfter field for expiration.

Solution
Ask the recipient to renew the NTA 7516 MX certificate or resolve any related issues. If the certificate is correct and the issue persists, refer to Deprecated TLSA record NTA or Deprecated TLSA record TLS.

Deprecated TLSA record NTA

The recipient may be NTA 7516 compliant but has not updated the TLSA record after renewing the NTA 7516 MX certificate.

Diagnose
Have your administrator:

  1. Check the NTA 7516 DNS record to locate the MX server.
    The MX server is listed after ntamx=10.
  2. Validate the MX server's TLSA record.
    For example, run it through an online DANE SMTP Validator. An invalid TLSA record will return an error.

Solution
Ask the recipient to resolve the TLSA record discrepancy.

Deprecated TLSA record TLS

The TLS certificate was renewed, but the TLSA record was not updated. DANE is enabled for the receiving domain, so an invalid TLSA record breaks DANE and prevents message delivery.

Solution
Ask the recipient to update the TLSA record according to the new TLS certificate.
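
The comparison a DANE validator performs in the two "Deprecated TLSA record" cases, as an added example (not Zivver's code): it recomputes the TLSA association data from a certificate and compares it with the published record. It assumes the MX certificate has already been retrieved in DER form; the function names are hypothetical and `sample_cert` builds a constructed skeleton certificate in place of a real one.

```python
import hashlib

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    return tag, start, start + length

def spki_der(cert_der):
    """Return the SubjectPublicKeyInfo element of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = end
    for _field in range(5):                # serial, sigalg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

MATCHING = {"0": lambda b: b,                          # exact bytes
            "1": lambda b: hashlib.sha256(b).digest(),
            "2": lambda b: hashlib.sha512(b).digest()}

def tlsa_matches(rdata, cert_der):
    """Compare TLSA rdata 'usage selector mtype hex' with one certificate.
    Usage is not interpreted: pass the certificate that the usage refers to."""
    _usage, selector, mtype, *hexdata = rdata.split()
    if selector not in ("0", "1") or mtype not in MATCHING:
        raise ValueError("unsupported TLSA selector or matching type")
    selected = cert_der if selector == "0" else spki_der(cert_der)
    return MATCHING[mtype](selected).hex() == "".join(hexdata).lower()

def der(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form length only (sample use)

def sample_cert(key):
    """Constructed skeleton certificate: real layout, placeholder contents."""
    spki = der(0x30, der(0x30) + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30) * 4 + spki)
    return der(0x30, tbs + der(0x30) + der(0x03, b"\x00"))

if __name__ == "__main__":
    old, renewed = sample_cert(b"old-key"), sample_cert(b"new-key")
    published = "3 1 1 " + hashlib.sha256(spki_der(old)).hexdigest()
    print("old certificate matches:    ", tlsa_matches(published, old))
    print("renewed certificate matches:", tlsa_matches(published, renewed))
```

A selector 1 record keeps matching after a renewal that reuses the same key pair, while a selector 0 record changes with every new certificate.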

Invalid MX certificate

Zivver requires a secure channel to deliver the message. An issue with the MX server certificate can prevent this.

Known causes include:

  • Expired MX certificate.
  • Mismatch of the MX certificate's common name (CN) with the server hostname.

Diagnose

  1. Check the MX DNS records to locate the recipient MX server.
  2. Inspect the MX server certificate for warnings or discrepancies.
    Use an online tool. For example, check the NotAfter field for expiration.

Solution
Ask the recipient to resolve all MX certificate issues or renew the MX certificate.