[Resolved] ATT/Yahoo/Bellsouth randomly blocking client

[davetuggle]

About every 6 to 10 months we find our self's blocked by ATT/Yahoo or a child company.

<someone[at]bellsouth.net>: host gateway-f2.isp.att.net[207.115.11.16] refused

to

talk to me: 550-204.13.108.102 blocked by ldap:ou=rblmx,dc=att,dc=net

550

Error - Blocked for abuse. See http://att.net/blocks

So, we go through the de-listing process by emailing postmaster[at]att/yahoo.com and after about 48 hours we're back sending mail but we can never seem to find out why it was blocked in the first place. I believe that Spamcop provides a service to this ISP, correct? If not, perhaps someone here will notice something that I am missing.

Email setup:

1. mail.attentionpoint.com - 204.13.108.102 (this should reverse and resolve all the way around - No other email originates from this IP as well)

2. Have configured SPF, DKIM, etc. in an attempt to assist in delivery.

3. Have never send phishing or had any thing infected/spamming from that IP as far as I know.

Still, we manage to get blocked from time to time and it's almost always by the ATT/Yahoo family and I think once by aol.com. I seen another post on this forum where someone tested the domain/server and looked at historical data where is was phishing in the past. How's that done?

Wondering too if maybe something like a "membership" purchase to ReturnPath/SenderBase/SpamCop/etc will help ensure delivery.... Thanks, just can't seem to nail this down.

dt

[Derek T]

I believe that Spamcop provides a service to this ISP, correct? If not, perhaps someone here will notice something that I am missing.

They may or may not be using SCBL but there is no history of any SpamCop reports for that IP so whatever the cause of your problems it ain't SpamCop.

Move to lounge, moderators??

[lisati]

When doing a quick check on a handful of blacklist lookup web pages I found no listings in any blacklists, not even the SCBL. A check of http://www.senderbase.org/ showed a "good" reputation. I'm inclined to think that what's happening has no direct connection with Spamcop.

I notice that Yahoo has been mentioned. All I'll say is that they have a way of doing things which annoys me at times.....

[davetuggle]

I appreciate the responses and i do stand corrected. Looks like Spamhaus or Symantec could be feeding this ATT/Yahoo network. The reason i include ATT is because I've noticed when navigating through ATT's website for this they mention Yahoo Postmasters on there. I've ran this server through every check known to man at MxToolbox and elsewhere with it always showing clean with a good reputation. It's a mystery and what I was hoping to gain by posting in this forum was some insight as to why anyone here may think this could keep getting listed. I've even thought that perhaps someone was flagging it as spam within the network.

One thing I can say is that it seems to be different depending on what "child" we're sending to. Email destined for att.com could go w/o issue whereas email to bellsouth.net or mobile.att.com will fail... We don't send a tremendous amount of email and what we do send is never unsolicited. It's always as a result of someone signing up. We do send the email as FROM: tylerdurder[at]attentionpoint.com when we may be sending to tylerdurden[at]att.com. I've though that we should perhaps reconfigure this so it'll comes as FROM info[at]attentionpoint.com - any opinion that? In this case I don't think it'll matter since this is a IP blacklist so the FROM/TO I don't think should matter.

I'm just looking for input from any angle considering that 99% of the folks on this forum are likely advanced email admins...

dt

[lisati]

The mention of Spamhaus triggers a recollection for me of having seen them mentioned in an NDR sent to an email address hosted by Yahoo a few years ago, but I think Yahoo's made some changes since then.

[Farelf]

mail.attentionpoint.com has a SenderScore.org rating of 100 - that's the first perfect score I've seen there. Also multirbl.valli.org shows listing on 0/240 RBLs, as in NONE, and I don't believe I've ever seen that before either. As pure as the driven snow. I read your SenderBase reputation as 'Neutral' but that would be perfectly normal if that server has not been operating long and/or sending low volumes (SenderBase sees a magnitude of 2.4 which is not huge). The only way to get to "Good" is through continued SenderBase/IronPort clean samples (or mostly so), if I understand correctly.

I have heard of some (minor) networks blocking mail on the basis of Neutral reputation but that was ages ago and surely someone has hit them with a cluestick by now. Puzzled by your problems. It is just not possible to improve on perfection.

P.S. - always assuming none of your messages fall foul of the guidelines or prohibited file types mentioned in that link given with the error message, those are quite strict and conceivably could catch some non-spam messages, especially if their filters are just a little buggy - their interpretation of HTML content in particular might be a worry.

[michaelanglo]

mail.attentionpoint.com has a SenderScore.org rating of 100 - that's the first perfect score I've seen there.

But do they operate any mailing lists at all ?

Thus AOL users are notorious for reporting subscribed mailing lists as spam because unsubscribing was "too difficult".

[Farelf]

Ah, excellent point. The "system" supports the sending of a variety of standard e-mails - Informant Invitation, Informant Reminder, New Assignment, Parent Reminder, Parent Welcome Invitation, Rating Scale Completed (any/all of which may be customised) - from clinicians to parents and teachers, presumably through the attentionpoint.com server? The occasional twitch of the "This is spam" button by recipients would explain occasional blocking on proprietary lists.

If that is indeed the process, the e-mail customisation, the use of a sending domain name which is not the same as the service name and the inclusion of clickable links in some or all of those e-mails (and mention of the need to supply information) are all danger points in terms of possibly being tagged as spam on occasion. Have to say it all seems to work remarkably well anyway, going by the metrics (a generally committed group of recipients I suppose).

'Sanitising' the initial invitations (informant and, particularly, parent) - by using a different server - might be a way to ensure subsequent/parallel and other 'mission critical' communications are not compromised by the occasional, one would say inevitable, hiccough, in that initial DefiniPoint contact - IMO/JMO.

[davetuggle]

Just wanted to say thanks for all the good info and responses.

Farelf kind of hit it on the head as to the business model and the way we interact with users. All email is sent through the "attentionpoint" server. The thing is though that as clinicians add people to do the assessment, those people will receive an email from us that is kind of unsolicited if I think about it. It's something that the receiver will want to act on, but not something that they specifically requested - With that said, I may need to verify that flow as it's been a while since I was part of the "customer" process.

Thanks again for all the knowledgeable responses. Great info!

[turetzsr]

...Thanks, dt (not to be confused with DT, aka DavidT <g>), for taking the time to let us know. I've taken the liberty of marking this Forum Topic as "Resolved" based on what you've written, here.