ATT Blocked Email Notification

From Rabbi Blog

Jump to: navigation, search

I've been attempting to deal with a blocked email issue between us and Prodigy (AT&T specifically).

Blocking Message


-----Original Message-----
From: Mail Delivery System [mailto:MAILER-DAEMON]
Sent: Wednesday, January 11, 2012 7:41 AM
To: <internal recipient>

Subject: Undelivered Mail Returned to Sender

This is the mail system at host securemail.mayohospital.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                   The mail system  <removed> 

host ff-mx-vip4.prodigy.net[207.115.20.23] said:
    553 5.3.0 flpd124 DNSBL:ATTRBL 521<66.***.**.**>_is_blocked.
__For_information_see_http://att.net/blocks (in reply to MAIL
    FROM command)

Unblock Request

I've visited the designated http://att.net/blocks page a couple of times in the last few months, as did our Network Administrator, to request the unblock. Specifically we used the Tools for non AT&T users whose messages have been blocked link and fill out the form.

Near instantly I received a seemingly automated reply from test_reply@att.net which reads as follows:


Dear Postmaster:

We are writing to let you know that we are blocking messages addressed to one of our customers at the domain prodigy.net by one of your customers at domain mayohospital.com. The stream of messages coming from your system appears to consist mostly of unwanted commercial e-mail (UCE, or "spam"). To protect our system and to ensure that it operates well for all of our customers, we have decided to block all messages originating from your system.

Please consult your logs to see what might be causing this situation and how it can be fixed. Then visit http://rbl.att.net/block_inquiry.html to request a removal of the block. Most requests for removal are honored within two days.

The specific error message received by your customer was:
Diagnostic-Code: smtp; 553 5.3.0 flpd124 DNSBL:ATTRBL 521 < 66.***.**.*** 

Thank you for your assistance in helping our respective customers communicate.

Best regards,

The AT&T Mail Team.

Our Logs

I check our logs and make an interesting discovery, which I outlined below in a reply to test_reply@att.net (can you see the impending train wreck though?):

Good morning,

I have checked our outgoing logs to *@prodigy.net for one calendar year and have confirmed that 142 messages have been attempted.

Of those 142 messages, 4 email users on our domain send email to 4 @prodigy.net users.  One of those recipients is a user on both domains and two of the other @prodigy.net recipients are relatives of him.  The fourth @prodigy user has had 114 conversations over 12 months with one user on our domain.  

The logs do not indicate the issues presented in the reply email below and screenshots can be made available of the logs upon request.

Please remove the block or present substantial proof of the indicated issue.  

Thank you,
Mike

I send this email to the address. See the next section.

You Can't Communicate When You Are Blacklisted

If you're astute, you'll have seen this reply coming:


This is the mail system at host securemail.***.com.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

                   The mail system

<test_reply@att.net>: host scc-mailrelay.att.net[204.127.208.75] said:
    521-66.***.**.** blocked by sbc:blacklist.mailrelay.att.net. 521 DNSRBL:
    Blocked for abuse. See http://att.net/blocks (in reply to MAIL FROM
    command)

What Next

20120111

At the moment I would like to get in touch with a human and all present routes seem to fail. I'll reach out on Twitter in a moment and we'll see how that works. I'll update as I go and most likely will point to this page in the reach out.

Reaching out to @ATTBusiness @ATT for help on a email blacklist issue.
Went suggested route with no luck. 
Details here http://rabbibob.com/index.php/ATT_Blocked_Email_Notification
  • This looks promising: I've been asked to follow a specific ATT social media team member and DM (done).
  • Asked to email details to an ATT email address (noted .com - and the email made it through as autoreply received).
  • Spoke to an AT&T rep. Very polite, initially pointed me in the direction of what the error indicates, but through discussion she said that she would reach out to technical to have them contact me. I did not discount that it may be a setting on our side and that I'm looking for that hidden thing that makes AT&T's mail servers not like us so we could work from there. /crosses fingers
    • Perhaps we can ask them to whitelist our static IP addresses

20120116

  • Received an email today:
I have spoken with IT and this is something is happening on your side and your system administrator wiill have to report it through the last link below.  He can also email the information at the first link below.  The first link is links and tools for blocks and issues.  There is no direct contact information for us to be able to resolve this for you.  This is the process we use also.

abuse_rbl@abuse-att.net<mailto:abuse_rbl@abuse-att.net>

http://att.net/blocks

http://rbl.att.net/cgi-bin/rbl/block_admin.cgi
  • Will email the above address with link to this post.
    • Wonder if abuse-att.net is available to me without being blocked.
Issue: 
Emails from *@mayohospital.com are blocked (553)

For reference and full background of attempts to correct this:
http://www.rabbibob.com/index.php/ATT_Blocked_Email_Notification

Request:

Find specific reason for the block so it can be corrected.  A log somewhere on the AT&T side must show the actual transaction and declination.  Am willing to send specific targeted email to assist in finding the entry.

Good morning,

I have checked our outgoing logs to *@prodigy.net for one calendar year and have confirmed that 142 messages have been attempted.

Of those 142 messages, 4 email users on our domain send email to 4 @prodigy.net users.  One of those recipients is a user on both domains and two of the other @prodigy.net recipients are relatives of him.  The fourth @prodigy user has had 114 conversations over 12 months with one user on our domain.  

The logs do not indicate the issues presented in the reply email below and screenshots can be made available of the logs upon request.

Please remove the block or present substantial proof of the indicated issue.  

Thank you,
Mike
  • Sent and tweeted
  • Auto-response received
Thank you for contacting the AT&T Postmaster Staff.

We investigate each and every block report and removal request we receive, and take the appropriate action, of which you will be notified.  It is never the intention of the AT&T Postmaster staff to intentionally block legitimate mail. As a result of careful yet vigorous anti-spam and abuse measures, it is a rare but unfortunate occurrence that we would like to rectify as soon as possible with your help. By emailing this address you have already taken the first step in resolving this issue.

When the AT&T Postmaster staff receives a request with the needed information, requests are evaluated and, if granted, the block will be removed within 24 - 48 hours.  There are situations when mail interruptions or blocks are in place outside the AT&T domain. In these cases, we will attempt to make contact with the party initiating the block and seek a resolution.  If there is no change after 48 hours, please go to the following web site:

http://rbl.att.net/block_inquiry.html

There you can find out reasons for blocked email and steps to take for resolution as well as other information that may assist you.

We reserve the right to deny or turn down a request if our research shows the requested IP(s) being a violator of SPAM or abuse policies currently, or in the past.

We thank you for your patience and cooperation.

AT&T Postmaster Staff

Resolution

We may be in the clear. Updating post and will check back in 2 days.

-----Original Message-----
From: Postmaster [mailto:abuse_rbl@abuse-att.net] 
Sent: Tuesday, January 17, 2012 1:53 PM
To: Mike Beane
Subject: Re: FW: Mike Beane [****-****0-3****] 

At 10:21 AM 1/16/2012, you wrote:
>66.***.**.***

Thank you for contacting the AT&T Postmaster.

The mail-server IP address(es) associated with your request will be removed from the block list within 24-48 hours from the date of this letter.  AT&T and its affiliates do NOT intentionally block legitimate mail in the course of our anti-spam initiatives and regret any inconvenience this may have caused.  If the IP that was recently blocked begins to exhibit the characteristics of a compromised network object or is compromised by an offender of Acceptable Use Policies, the IP address will be blocked again.

ADMINISTRATORS:  Please thoroughly check your IP logs before requesting removal.  You must determine that all traffic from the blocked IP is actually from your mail servers to ensure your network is not compromised.  Administrators who fail to do this may experience subsequent and more resolute blocking.

Thank you for helping AT&T Internet Services network combat spam in all its forms.


Regards,

AT&T Postmaster
AT&T CSO/IISS
abuse_rbl@abuse-att.net
http://att.net/blocks

Unblocked

Testing on Thursday was good and we are unblocked. Thanks to AT&T's presence on Twitter for getting the ball rolling on this and proving once again that if you can get to a human behind all of the automated systems you can most likely get a solution.

And to round this out, the final tweet:

Rabbi Bob ✔

Thanks to @ATTBusiness @ATTRobert and later getting a human on the line in order to remove our email block. http://rabbibob.com/index.php/ATT_Blocked_Email_Notification