SMTPINFONotableAuthenticationHIGH confidence

Server challenge

What this means

The 334 code is an intermediate reply used during an authentication exchange, specifically for challenge-response mechanisms like SASL. The server sends a challenge (often a base64-encoded string) to the client, which must respond correctly.

Why it happens

1The client has initiated `AUTH` with a mechanism like `LOGIN` or `CRAM-MD5`.
2The server is prompting for a username or password as part of the authentication sequence.

How to reproduce

A client initiates SMTP authentication and the server prompts for the username.

trigger — this will error

AUTH LOGIN
334 VXNlcm5hbWU6

expected output

334 Server challenge

Fix

Decode the base64 challenge and respond with base64-encoded credentials

WHEN Implementing SMTP AUTH LOGIN or CRAM-MD5

Decode the base64 challenge and respond with base64-encoded credentials

AUTH LOGIN
334 VXNlcm5hbWU6
# Decode: "Username:" — respond:
dXNlcm5hbWU=
334 UGFzc3dvcmQ6
# Decode: "Password:" — respond:
cGFzc3dvcmQ=
235 Authentication successful

Why this works

334 challenges are base64-encoded prompts. Decode to read the prompt, respond with the base64-encoded answer. For AUTH PLAIN, send base64(\0user\0pass) in a single step after the AUTH command.

What not to do

✕ Use AUTH LOGIN or AUTH PLAIN without STARTTLS

Both mechanisms transmit credentials in base64 (not encrypted). Without STARTTLS, credentials travel in cleartext over the network.

Sources

Official documentation ↗

RFC 4954 Section 4

SMTP Service Extension for Authentication ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformSMTP Response Codes

Code334

ClassAuthentication

SeverityINFO

TierNotable

ConfidenceHIGH

← All SMTP errors