Solved

Email to SMS (tmomail.net) is blocking our domain for spam.


I work for a local fire department, which uses the phonenumber@tmomail.net gateway to alert members of the fire department with (T-Mobile service) of emergencies/disasters. We use similar gateways from other carriers for those respective members, and they are without issue at this time. This system from T-Mobile has worked flawlessly for the last 2 years, until recently, which we are now getting bounced by the server and getting the mail messages kicked back with the following error (X's represent the member's phone number):

mx197.us-east-2b.ess.aws.cudaops.com gave this error:
permanent failure for one or more recipients (XXXXXXXXXX@tmomail.net:blocked)

I've tried sending messages individually, and even sending out messages as MMS, and I'm still getting bounce backs.

I see "srickar" on this site answering questions, as the spam admin for tmomail.net, and I was wondering if they'd be able to point me in the right direction.

Not only am I the one handling this issue... I'm also a T-Mobile user, and am one of the end users affected by it.

Thanks for any input.


Best answer by srickar 29 April 2021, 15:50


This topic has been closed for comments

153 replies


As of Yesterday 3pm EST notifications were coming through no problem. Thanks again.

Hi srickar

I'm having the same exact issues as the Original Poster

All msgs sent via Marbella @ mygatecontrol . com are being blocked
but not the email using seguridad @ mygatecontrol . com

These are security notifications of guest visits by my security software (I can modify complete source)

The only difference between these two addresses is that MARBELLA @ mygatecontrol.com also attaches a pic while seguridad @ mygatecontrol . com doesn't.
These emails are sent through separate Office 365 Business accounts but both under same Domain MygateControl.com

This was working flawlessly until recently, now all residents using T-Mobile can't get their security notifications from the MarBella account.

Getting <Phone_Number>@tmomail.net:blocked on all outgoing T-Mobile text/emails

Any help you can give would be much appreciated from me and your clients.
I can send original message headers if needed.

You can reach me at @siradude also

Userlevel 3
Badge +4

Thanks for reaching out. I sent you a message, but may want to delete your email address from public view.

I have this problem too.  System failures are sent from our domain hosted at Office 365 and are always blocked.  I have another domain where sometimes they get through and sometimes blocked.  Need some way to whitelist domains so they are never blocked.  I called TMobile service and they said the only thing they could do was remove SCAM ID, but that hasn't seemed to help.  I think that is for calls, not messages.

tmomail.net blocks frontiernet.net and centurylink .net.   Seems to block everything even when including a subject matter. Sprint is the same.  Everything goes thru on the blue company.

Userlevel 3
Badge +4

Hi @magenta10599237 ,

Domestic ISPs are not outright blocked especially frontiernet or centurylink - otherwise there would be an imbalance of legitimate traffic blocked vs. spam which defeats the purpose of anti-spam protection. I sent you a follow request to get further information about your examples.

There are multiple factors in play that cause specific examples to appear blocked. In any case, there should be a specific SMTP rejection code bounceback sent back to you or postmaster of your domain indicating what the underlying root cause is.

Malformed header formatting that doesn't properly meet RFC2822 SMTP specs.

SMTP server not inserting PTR or mail-from in message header. Invalid message-ID in header.

Sender Policy Framework (SPF), which is outdated SPF DNS policy on the DNS sender side that intentionally restricts another entity from inserting a domain in the envelope reply-to address. This prevents spammers from sending an envelope to phish other domains.

Content related blocks such as ALL CAPS, CALL NOW!!! - urgent!!!, sending binary 64 quoted printable attachments in HTML with no text content rendering the email unreadable.

Send me a follow back and let's get your examples reviewed. Thanks.

Userlevel 3
Badge +4

Hi @bobdog1998

That is correct, SCAM ID has nothing to do with @tmomail.net email service. Please send me a follow request and I can review your specific block example. Collocated ISPs such as protection.outlook.com, gmail.com, hotmail.com, yahoo.com, etc. are shared amongst legitimate traffic and spammers. Spammers use these services which are prone to send larger quantities of spam floods because they know that larger Email Service Providers (ESP) domains cannot be outright blocked, but messages from these types of general access domains will likely have higher scrutiny.

Also, it depends what SMTP rejection code is being sent back to you or Postmaster. If it's 550 - Sender Policy Framework (SPF), that means the published DNS for the domain does not permit 3rd party IPs or networks that have not been granted access by the domain owner, to send mail on their behalf. SPF is the most commonly overlooked item when companies merge or expand without taking a second look at prior SPF published records.

I sent you a follow request.

Thanks for the reply. The block is

550 5.7.350 Remote server returned message detected as spam -> 550 permanent failure for one or more recipients (xxxxxxxxxx@tmomail.net:blocked

I see this mailing from 2 different domains, one hosted at Office 365 and one not.  The one at Office 365 has an SPF record, and the other one now does.

I've been using SpamAssassin for years on mailservers, and each recipient has a personal whitelist of sender addresses and domains, so that messages with high scores due to DBLs or other tests are still delivered.  Was hoping TMobile had something similar.

Good morning, we had the same issue start Saturday morning and hope you may be able to help. We send account alerts to our members and one notified us this morning that they stopped receiving them Friday. Here is the error. If you need the rest of the bounce please let me know, and thanks in advance.

Your message to XXXXXXXXXX@tmomail.net couldn't be delivered.
tmomail.net suspects your message is spam and rejected it.
Reported error:550 5.7.350 Remote server returned message detected as spam -> 550 permanent failure for one or more recipients (XXXXXXXXXX@tmomail.net:blocked)
Userlevel 3
Badge +4

The electric bill messages are written in the exact same style as mass spammers trying to elicit a response about an account, which is a red flag. Because of the style, ALL CAPS, and short content discussing an account, the message is triggering automation blocks because it has the exact qualities of phishing spam. Automated messages like this should really be sent over a trusted shortcode account and not through email, as email is prone to spoofing and phishing varieties.

Disconnection emails are considered urgent threats and scored accordingly. Anytime a message discusses disconnection, that is a red flag because it demands the end user take immediate action and potentially panic to give away credentials. ex. "CALL NOW!, Email me here!, PAY NOW!"

Subject is in ALL CAPS - please change that to lower the score. Anytime emails are crafted in ALL CAPS, that is a red flag to anti-spam detection systems.

Electric example:

"Electric service for acct XXXXXXXX is pending cutoff as PPM Balance reached disconnect threshold"

"The due date for account number XXXXXX is 13-FEB-20. Please make a payment of $ 52.00."

Now take a look at the same style as the Facebook and Netflix phishing attacks going on right now from protection.outlook.com trying to phish credentials from recipients.

Examples:

  1. More details about your account with FBook are needed: http://bit. [domain removed]/fqXzx ID: cdzcpqvzc
  2. Your streaming profile will be closed tonight: npay.streamsvc-tcpxnapyro.munir...[domain removed]
  3. Your streaming NETFLIX-account will be suspended for not paying: npay.netflixsrv-aaimxyqamc[domain removed]
  4. FBMOREDATA - We will close your social media due to incomplete data: w.data-mixhtofbet.imobiliariadepalmas[domain removed]

  • The issue is further complicated by using a shared email ESP provider like protection.outlook.com which is open to spammers who also use hotmail or outlook.com free accounts.

  • Message-ID in the header information was modified by the sending relay. This should not be modified.

3.50 BSF_SC0_SMS161 META: Custom rule SC0_SMS161

1.50 MSGID_FROM_MTA_HEADER_2 META: Message-Id was added by a relay

1.62 SUBJ_ALL_CAPS_2 META:  Subject is all capitals

0.01 SUBJ_ALL_CAPS META: Subject is all capitals

I will contact our CIS company to see if this change can be made to their system. It's strange that this started Saturday when it's been this way for the last 10 years. Thanks for the quick response!

Userlevel 3
Badge +4

I can explain that. Spam is dynamically changing every minute and so are the rules to identify and block messages. If a spam storm occurs on one particular style that happens to match similar semantic styles as your message, your own message could be caught up in the aggregate scoring. The ALL CAPS item may have always been a red flag, but not enough to trigger the entire aggregate scoring threshold.

Hi @srickar  I am getting the same error message as of this morning. I used to send myself a copy of my daily agenda via text to my tmomail address. I did send a follow request via inbox as well so we can communicate via PM with specific details.

Copy of the text below (with my phone number changed for privacy):

Your message to 5551212@tmomail.net  couldn't be delivered.

tmomail.net suspects your message is spam and rejected it.

Userlevel 3
Badge +4

Hi @magenta7196080

I sent you a direct message on why the message is blocking. If you can test out with a different provider and customize the message formatting, the messages will have better chance at succeeding delivery. Thanks.

Hello @srickar,

Our CIO is getting 550 5.7.350 Remote server returned message detected as spam -> 550 permanent failure for one or more recipients (xxxxxx@tmomail.net:blocked) when he sends messages to his phone. His email has his name and is not a generic address. He was previously able to send messages up until Jan 31st. Our email is hosted on Office 365 and we have SPF in place. I can provide more info through DM. If there is a better way to report this please let me know. Thank you

Userlevel 3
Badge +4

Great! I sent you a follow request.

Hi Mike,

@tmo_mike_c

I have the same problem, I hope you can help me to unlock and whitelist my email domain. Thanks.

JH

Userlevel 3
Badge +4

Hi, sent you a follow request.

I am having the same problem in the last few days; and, telephone calls to T-Mobile have not helped.

I have notifications sent from my office email address (law office in New Jersey) to **********@tmomail.net; and, in the last 4-5 days they have been bounced back as spam.

How do I correct this?  Does anyone have an answer?

Thank you in advance.

Please also accept my follow request, and I can PM you the details. Thanks

Userlevel 3
Badge +4

Send me a follow request and I can assist.

There is a spam phishing outbreak from domains using outbound.protection.outlook.com.

Traffic from this domain such as hotmail.com, msn.com, outlook.com, or any business using Microsoft outlook cloud services may expect intermittent to consistent blocking of messages. Spammers are registering millions of email accounts from these services and spamming all inter-carrier domains: pm.sprintpcs.com, vtext.com, att.com, @tmomail.net, @mymetropcs.com, @tracfone.com, etc.

Please ensure emails have:

  1. Full user name in reply-to envelope: names like (Jessica, Sara, Angelica, Kristina, etc) female names without a full domain address are triggering adult spam blocks.
  2. Insert a full subject in the message. Absent or single-word subjects are similar to the current spam outbreak (sup, hi, xkskgj, dkgeokj, etc.); garbled nonsense like this is tripping phishing rules.
  3. Messages that lack a full sentence (sup, yo, call me, test, plz, urgent) are matching spam attacks from freemail service spammers.
  4. Refrain from sending in plain text but inserting an HTML signature graphic. Inserting a signature without any sentence comment throws off the balance of text to numeric ratio. Spammers will insert minimal to no sentence content and just insert phone numbers or email addresses. (another email, phone number, short URL link).
  5. Please ensure your Sender Policy Framework (SPF) DNS policy is up-to-date. SPF prevents a domain from sending emails posing as another domain unless the published DNS IP has the network authorized in the SPF record. https://www.kitterman.com/spf/validate.html
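
Added example (not part of srickar's post and not T-Mobile tooling): a pre-send check that a sender's alerting system could run over an outgoing message for the header and content items named in the replies above (Message-ID set at origin, subject present and not ALL CAPS, readable text content). The function name, finding names, the four-word "full sentence" threshold and the sample messages are assumptions constructed for illustration; it does not reproduce the gateway's actual rules or scores.

```python
import re
from email import message_from_string

def lint_gateway_message(raw):
    """Return finding names for one outbound message; an empty list means clean."""
    msg = message_from_string(raw)
    findings = []
    # Message-ID should be set by the originating application, not left to a relay.
    msgid = (msg.get("Message-ID") or "").strip()
    if not re.fullmatch(r"<[^<>@\s]+@[^<>@\s]+>", msgid):
        findings.append("message-id-missing-or-invalid")
    subject = (msg.get("Subject") or "").strip()
    letters = [c for c in subject if c.isalpha()]
    if len(subject.split()) < 2:
        findings.append("subject-absent-or-single-word")
    elif letters and all(c.isupper() for c in letters):
        findings.append("subject-all-caps")
    # Only readable text/plain parts count; HTML parts and attachments do not.
    text = ""
    for part in msg.walk():
        if (part.get_content_type() == "text/plain"
                and part.get_content_disposition() != "attachment"):
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    words = re.findall(r"[A-Za-z']+", text)
    if not words:
        findings.append("no-text-content")
    elif len(words) < 4:  # assumed threshold for "a full sentence"
        findings.append("body-not-a-full-sentence")
    return findings

# Constructed sample messages (example.org and the 555 number are placeholders).
HEAD = "From: alerts@example.org\nTo: 5555550100@tmomail.net\n"
GOOD = (HEAD + "Subject: Station 4 structure fire response\n"
        "Message-ID: <20240101.0001@example.org>\n"
        "Content-Type: text/plain; charset=utf-8\n\n"
        "Structure fire reported at 12 Main Street, all members respond.\n")
BAD = HEAD + "Subject: URGENT\n\nCALL NOW\n"
HTML_ONLY = (HEAD + "Subject: ACCOUNT PENDING CUTOFF\n"
             "Message-ID: <20240101.0002@example.org>\n"
             "Content-Type: text/html; charset=utf-8\n\n"
             "<img src=\"cid:signature\">\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD), ("HTML_ONLY", HTML_ONLY)):
        print(name, lint_gateway_message(raw))
```

SPF is not covered here because it depends on the sending domain's published DNS record rather than on the message itself.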

Hi @srickar   Same problem here.  I typically send text messages from our private company domain to my out of office employees, and starting yesterday, everything is getting blocked/bounced back. Same 550 message as above:

Please, help!

Hi @srickar we have just today noticed that our e-mails to  @tmomail.net aren't being received. After reading all of the previous posts I believe our domain has been blocked. Is there anything you can do to help?

Userlevel 3
Badge +4

I'd be happy to take a look. Sending you a follow request for DM.

Thanks! I sent you a message