Solved

email to tmomail.net rejected for banned content

  • 15 October 2015
  • 71 replies
  • 3511 views



Userlevel 3
Badge +4

These fields have been heavily edited so I can't make adjustments. Do you still need assistance?

Userlevel 3
Badge +4

Do you still need help? Let me know.

Userlevel 3
Badge +4

Kevin, fields have been heavily edited. Do you still need help? Let me know!

yes - still happens a number of times each day.

Userlevel 3
Badge +4

what is the sending address?

Userlevel 3
Badge +4

Kevin,

I found your messages that were blocking due to a conference room launcher which is an .exe file. Spam engines are marking this as suspicious because it's redirecting from zoom short url to .exe. Only messages containing these are getting blocked. I have a correction in queue which will resolve this - will update when I have resolution. Thanks!

thanks heaps - much appreciated.

Our server sends out automatic email alerts coming from infotech@edlen.com going to different @tmomail.net numbers. As of a few days ago, they are all being blocked with this as the error:


09:00:24.351 RX: <550 permanent failure for one or more recipients (x@tmomail.net:blocked,x@tmomail.net:blocked,x@tmomail.net:blocked,x@tmomail.net:b...)>


09:00:24.351 TX: <QUIT>


09:00:24.414 RX: <221 mx47.ess.sfj.cudaops.com Goodbye mail.edlen.com, closing connection>


09:00:24.414 Thread exiting for B58e120040001.000000000001.0001.mml after 19626 millisecs


09:00:24.414 CSenderThread::MakeThreadAvailable Server refused mail at END OF DATA - 550 permanent failure for one or more recipients


(I've replaced the phone numbers with x's instead)

The messages are sent in the subject line, and the body for each email is the same:


#####################################################################################


Scanned by MailMarshal - Marshal's comprehensive email content security solution.


Download a free evaluation of MailMarshal at www.marshal.com


#####################################################################################


Userlevel 3
Badge +4

Hey Brian!

Thanks for sending that over! I see the block and will get the false positive corrected. But I also see where these messages need some improvement to help avoid triggering automated detection.

For example, not sure why message body content is being crammed into the subject line. This is a red flag for spammy content to get the subject transferred over during the MTA handshake.

Subject: Please put show#xxxxxxMM into pending status. Facility commission|  ?? ****CUTOFF***

This is likely raising the artificial score and I recommend relocating this to the body. Please note there are also SQL character limitations and long subject strings could be cut off, resulting in incomplete messages.

Also, you are sending these messages in plain text content. Plain text MMS will redirect to SMSC for delivery and the sum of (sender + subject + body) = <>160 character ASCII content. Some iPhones cannot read these files crammed like this and will silently drop the message or attach an unreadable .txt file to a long MMS message.

Finally, every message is being sent with the following header flag:

Priority: urgent

Importance: high

Sending all messages with this flag triggers typical spammer tactics (Call!, reply!, due!, take action!, urgent!, High priority!) etc. Please remove these default message priority header flags as this triggers repetitive automated suspicion.

Thanks...
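Added example, not part of the original post and not T-Mobile's or Barracuda's scoring logic: a pre-send lint for the three issues raised in the reply above (blanket `Priority: urgent` / `Importance: high` headers, message content in the subject line, and plain text exceeding the 160-character budget shared by sender, subject and body). The function name, the `SUBJECT_LIMIT` threshold and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

SMS_LIMIT = 160      # single-message ASCII budget cited in the reply above
SUBJECT_LIMIT = 40   # assumed cut-off for "body text living in the subject"
FLAGS = {"priority": "urgent", "importance": "high"}

def lint_alert(raw):
    """Return finding codes for one raw plain-text alert message."""
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload().strip()
    findings = []

    # 1. Urgency headers set on every alert resemble bulk pressure tactics.
    for header, bad in FLAGS.items():
        if msg.get(header, "").strip().lower() == bad:
            findings.append(f"flag:{header}={bad}")

    # 2. A long subject means the content belongs in the body.
    if len(subject) > SUBJECT_LIMIT:
        findings.append("subject-carries-body")

    # 3. Plain text goes to SMS delivery; sender + subject + body share the budget.
    if msg.get_content_type() == "text/plain":
        if len(sender) + len(subject) + len(body) > SMS_LIMIT:
            findings.append("over-sms-budget")
    return findings

# Constructed samples (addresses and number are placeholders).
NOISY = (
    "From: alerts@example.com\n"
    "To: 5550100000@tmomail.net\n"
    "Subject: Please put show#000000MM into pending status. "
    "Facility commission pending review\n"
    "Priority: urgent\n"
    "Importance: high\n"
    "\n"
    "Scanned by a mail content filter. "
    "Download a free evaluation today at the vendor site.\n"
)
CLEAN = (
    "From: alerts@example.com\n"
    "To: 5550100000@tmomail.net\n"
    "Subject: Show status change\n"
    "\n"
    "Please put show#000000MM into pending status.\n"
)

if __name__ == "__main__":
    print(lint_alert(NOISY))
    print(lint_alert(CLEAN))
```
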

I understand the scoring issues.

I guess the operative question is whether I'm supposed to talk to our IT folk (shudder 😊) or try and get Microsoft to change Outlook notifications...

Userlevel 3
Badge +4

Hi Brian!

I can happily report that edlen content is now delivering after making some corrections. Please let me know if you have any questions.

I am also getting SPF errors, the MTA which seems to be causing the issue is mx8.ess.sfj.cudaops.com

Userlevel 3
Badge +4

Banned content and SPF errors are two separate rejection reasons. Can you please post what the SMTP rejection code is?

SPF is something like 550.1

Rejected Banned Content is 554.x

Sender Policy Framework - Wikipedia

If SPF, the sending party needs to update SPF records in DNS. T-Mobile cannot correct this. This frequently occurs when a new domain, new CIDR IP block, business partner, merger, etc. tries to send email on behalf of a different domain. Think of it as a permissions issue to prevent fraudulent entities from sending email posing as the authorized domain. I frequently use this 3rd party web tool to validate SPF records: SPF Query Tool

Status code: 550 5.7.23

Userlevel 3
Badge +4

Yes, that is an SPF bounceback. I cannot correct this - it has to be corrected by the domain owner to permit xxx IP to send on behalf of the domain. @tmo_marissa​ can you set up a PM session?

From the error I got, it appears that mx8.ess.sfj.cudaops.com is the MTA being complained about.

Based on the sequence of "Received from" headers, and your response to brianjonespfk above, I had assumed that machine was a relay/filter at the T-Mobile end of things.

I can privately give you the destination address, if you can give me the MTA IPs that you're seeing, then I can compare against our SPF record.
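Added example, not part of the original thread: the comparison discussed in the posts above (sending MTA IPs against the domain's published SPF record), done offline for the literal `ip4`/`ip6` mechanisms only. The record and addresses are constructed from documentation ranges; mechanisms that need DNS (`include`, `a`, `mx`, `redirect`) are reported as unresolved rather than evaluated, so a `fail` with unresolved entries means those still have to be checked.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, ip):
    """Evaluate ip against the literal ip4/ip6 mechanisms of one SPF record.

    Returns (result, unresolved). unresolved lists terms that were skipped
    because they require DNS lookups and appeared before the deciding term.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    addr = ipaddress.ip_address(ip)
    unresolved = []
    for term in terms[1:]:
        qual = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual], unresolved
        elif name == "all":
            return QUALIFIERS[qual], unresolved
        else:
            unresolved.append(term)     # include/a/mx/redirect: needs DNS
    return "neutral", unresolved        # nothing matched and no "all" term

def audit(record, ips):
    """Map each sending IP to its (result, unresolved) pair."""
    return {ip: spf_check(record, ip) for ip in ips}

# Constructed sample data (documentation address ranges).
RECORD = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
MTA_IPS = ["192.0.2.25", "198.51.100.7"]

if __name__ == "__main__":
    for ip, (result, todo) in audit(RECORD, MTA_IPS).items():
        print(ip, result, "unresolved:", todo)
```
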

Userlevel 3
Badge +4

Unlikely. sfj.cudaops.com is just the front end of our filtering. It's a Barracuda appliance that all @tmomail.net email routes through for spam and virus scanning before passing on to TMO for processing. It's just the appliance that received the email and is providing the bounceback. Yes, please PM me the details and I can check logs. Thanks.

Tried, it rejected as you're not following me.

Userlevel 3
Badge +4

Okay please retry. Sent a follow request.

Userlevel 4

@srickar, thank you for getting @magenta1335019  squared away! 😊

Userlevel 3

Just wanted to pop in and apologize for missing this mention - we need to figure out some "Out Of Office" auto-replies for Support!  😉  In all seriousness, it looks as though you've been able to PM one another - please let me know if you still need assistance!

- Marissa

@srickar I have a text group to which I send text messages a few times a week from my Gmail account. Since Mar 31st, however, the messages to tmomail.net recipients have been getting a 550 bounceback. See the bounceback email below. I hid the phone number in the message. I can PM you if you accept my invitation.


Message blocked

Your message to xxxxxxxxxx@tmomail.net has been blocked. See technical details below for more information.
The response was:

550 permanent failure for one or more recipients (xxxxxxxxxx@tmomail.net:blocked)

Final-Recipient: rfc822; xxxxxxxxxx@tmomail.net

Action: failed

Status: 5.0.0

Remote-MTA: dns; d79033b.ess.barracudanetworks.com. (64.235.154.140, the server for the domain tmomail.net.)

Diagnostic-Code: smtp; 550 permanent failure for one or more recipients (xxxxxxxxxx@tmomail.net:blocked)

Last-Attempt-Date: Wed, 03 May 2017 17:53:03 -0700 (PDT)

Thanks

Userlevel 3
Badge +4

PM sent. 😊

Userlevel 3
Badge +4

In case any TMO support admins see this....I have been in touch with subscriber via PM, and his investigation ticket issue was already in-progress by ECS and should be corrected in 24-48hrs. Thanks.
