Solved

Whither tmomail?

  • 27 February 2019
  • 27 replies
  • 340 views

What are people's experiences with the spam rules at tmomail.net? I can email a SMS or MMS from one external account hosted in Amazon's cloud, but not another account at a slightly less mainstream but perfectly legitimate email provider. No bounce came back from the failure, it was just never delivered.

The gateway is handy, especially for folks with old phones/accounts that can't text.

I'd be interested in others' results, like sending from gmail, comcast, aol, hotmail, fastmail, etc. Does a quick test msg get through to YOURNUMBER@tmomail.net?

I found old threads describing messages getting outright rejected, but the silent drop is a different problem.


Best answer by hobbit 5 March 2019, 20:37

This has been more or less resolved, about as well as it's ever going to be. "Srickar" was kind enough to dip into the logs and visible rulesets on tmomail.net and observe that indeed, there was some SPF confusion about which sources are authorized to send email claiming to be from "@t-mobile.com". Which this very support site does, on a fairly regular basis. If a recipient address happens to be via the tmomail.net gateway, obviously that needs to be let through, so in theory now that will work reliably.

The remainder of the difficulty is far more complex. In effect, the spam-prevention infrastructure around tmomail.net is being run by robots instead of humans now, with several different dynamic block-list and content-scanning providers in play, and the rules those apply can change very quickly. We also had a little confusion about what's a SMTP envelope address versus a From: line, which spam gateways will examine differently. There's apparently even a problem when Subject: lines are sent to be delivered via SMS, but I'm sure that some people's automated notification systems do that so it should not be grounds for rejection by itself. [The SMS comes up as Subject / Message anyway, so obviously the gateway is happy to handle it.]

So all told, delivery is less reliable than we'd like it to be but the criteria are effectively out of anyone's hands to have fine-grained control over. Srickar was able to add a specific exception for one use case, but the rest is being decided by machines. I appreciate that effort and it's good to know that someone with engineering chops and working hands on the right resources is participating here.

Hopefully engineering staff will continue looking at the spam-rejection logs and work on eliminating further false positives.


In The Old Days® T-Mobile had e-mail tools that included the ability to set up an e-mail alias (e.g. Joe.Blokes@tmomail.net). This was very effective at preventing spam e-mails. The only time I ever got an uninvited e-mail was from another customer who wanted to know who got the alias he wanted. I believe that T-Mobile would serve their customers well by bringing back a version of the Text-E-mail tools that would allow customers to set up an e-mail alias and tune their spam filters with white lists, etc.

Userlevel 6

I have never used tmo mail. I can't think of a reason to. Never have.

To bump this a little and add some context ...

It looks like tmomail.net is quietly dropping messages from *T-Mobile's own infrastructure*, proof being that where I used to get notifications about certain events on these forums sent to MYNUMBER@tmomail.net, those don't come through anymore despite the valid events happening. So somebody really needs to take a hard look at tmomail.net's server setup and fix whatever rules are in the way of that.

I noted that someone named "srickar" seemed to have visibility into this on other threads.  Who is that?

Userlevel 6

Seems to be a customer using these forums. @srickar

Sorry, "what they used to do" is not a satisfactory answer. I want to know when they're going to restore basic functionality, that seems to have broken within the last month.

And sn555, you're really being less than helpful. I don't understand how a supposed "pillar" cuts other people down as often as you seem to and holds some exalted status.

Userlevel 6

Will snap, you asked a question and I answered it. And it's not an exalted status.  I'll leave you to it, good luck.

Have a nice day. Good luck with your problem.

Userlevel 3
Badge +4

@hobbit

I am the spam admin for @tmomail.net. The alias feature was not carried over to the new vendor because the use of alias was very slim margin. Global filtering is still handled by the spam filtering provider. Spam filters are dynamic and can change hourly due to real time threats and DNSBL trends.  If you are experiencing blocked messages, send me a follow/PM and I would be happy to look at the block reason. An SMTP rejection code should be visible for most SMTP conditions.

Okay, I'm trying to do the follow/contact dance. Not even sure why that is necessary before sending a PM, but whatever... good to know that you potentially have hands on the problem; I'll provide a specific example once the pipe is open.

tnx, I hope this will be more broadly instructive.


We are experiencing the same issues for notifying our firefighters to send notifications. Our domain cannot send a single SMS/MMS via Exchange. I can send from my personal account. We get a Barracuda blocked message.

Userlevel 3
Badge +4

If you are getting a blocked message, what is the SMTP Code? If it's 550, it's likely SPF related. I will send you a follow request.

We have a valid SPF record

spf:westmetrofire.org

v=spf1 a mx ~all

Prefix Type Value PrefixDesc Description

v version spf1 The SPF record version

+ a Pass Match if IP has a DNS 'A' record in given domain

+ mx Pass Match if IP is one of the MX hosts for given domain name

~ all SoftFail Always matches. It goes at the end of your record.

| Test | Result |
| --- | --- |
| DNS Record Published | DNS Record found |
| SPF Record Published | SPF Record found |
| SPF Record Deprecated | No deprecated records found |
| SPF Multiple Records | Less than two records found |
| SPF Contains characters after ALL | No items after 'ALL'. |
| SPF Syntax Check | The record is valid |
| SPF Included Lookups | Number of included lookups is OK |
| SPF Type PTR Check | No type PTR found |
| SPF Void Lookups | Number of void lookups is OK |
| SPF Exceeds Maximum Character Limit | String lengths are OK. |

Here is NDR

3034890379@tmomail.net

A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk.

The following organization rejected your message: d79033b.ess.barracudanetworks.com.

Diagnostic information for administrators:

Generating server: securemail.westmetrofire.org

3034890379@tmomail.net

d79033b.ess.barracudanetworks.com

Remote Server returned '<d79033b.ess.barracudanetworks.com #5.0.0 smtp; 550 permanent failure for one or more recipients (3034890379@tmomail.net:blocked)>'

Eric Bates

Network Administrator

West Metro Fire Rescue

433 S. Allison Pkwy

Lakewood, CO 80226

Ebates@westmetrofire.org

Phone (303) 989-4307 #796

Cell (720) 641-5827


Userlevel 3
Badge +4

Sent details in PM. It's failing due to SPF mismatch. The IP supplied is not permitted per the SPF configured.

Strange, that is our firewall, our spf record uses our mx record as the authoritative sender. When I query, I get 50.206.109.68


Userlevel 3
Badge +4

The IP presented to Barracuda to perform SPF against appears to be consistently 50.206.109.2. If that is the consistent proxy IP shown external and anything NAT'd behind that, would need to update the SPF to include the actual IP for the SMTP server used.

I have just changed to : v=spf1 a mx ip4:50.206.109.68/32 50.206.109.2/32 ~all


Userlevel 3
Badge +4

You may want to test it. When I ran a validation test it came back with an error.

https://www.kitterman.com/spf/validate.html

SPF record lookup and validation for: westmetrofire.org

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

MS=15515A5E83FED87857ABC4F11E38340209BAD033

v=spf1 a mx ip4:50.206.109.68/32 50.206.109.2/32 ~all

Checking to see if there is a valid SPF record.

Found v=spf1 record for westmetrofire.org:

v=spf1 a mx ip4:50.206.109.68/32 50.206.109.2/32 ~all

evaluating...

Results - PermError SPF Permanent Error: Missing IP4: 50.206.109.2/32
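The PermError in the validator output above comes from the bare 50.206.109.2/32 term, which lacks the ip4: prefix. The following is an added example, not part of the thread and not the validator's or pySPF's code: an offline linter for SPF record syntax plus a check of whether a sending IP is covered by the record's ip4/ip6 terms. FIXED is an assumed corrected record, and a/mx terms are not resolved because that needs DNS.

```python
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}  # RFC 7208
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")  # redirect=, exp=, ...

def split_term(term):
    """Split one SPF term into (mechanism name, argument), dropping the qualifier."""
    body = term[1:] if term[0] in "+-~?" else term
    name, _, arg = body.partition(":")
    return name.split("/")[0].lower(), arg  # "a/24" and "mx/24" carry a CIDR suffix

def lint_spf(record):
    """Return syntax errors found in an SPF record; an empty list means it parses."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    errors = []
    for term in terms[1:]:
        if MODIFIER.match(term):
            continue
        name, arg = split_term(term)
        if name not in MECHANISMS:
            errors.append(f"unknown mechanism {term!r}")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    errors.append(f"address family mismatch in {term!r}")
            except ValueError:
                errors.append(f"bad network in {term!r}")
    return errors

def literal_coverage(record, sender_ip):
    """'permerror' on any syntax error, since RFC 7208 stops evaluation there;
    otherwise whether an ip4/ip6 term covers sender_ip. a/mx/include need DNS
    and are not resolved here."""
    if lint_spf(record):
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        name, arg = split_term(term)
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return "covered"
    return "not-covered"

# Records from the thread; FIXED is an assumed corrected form, not quoted from it.
ORIGINAL = "v=spf1 a mx ~all"
BROKEN = "v=spf1 a mx ip4:50.206.109.68/32 50.206.109.2/32 ~all"
FIXED = "v=spf1 a mx ip4:50.206.109.68/32 ip4:50.206.109.2/32 ~all"
```

Running literal_coverage against 50.206.109.2, the address the receiving filter reported seeing, separates the three states in this thread: not covered by any literal, permerror, and covered.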

Thanks, got it fixed.


Ok. Validating correctly now

SPF record lookup and validation for: westmetrofire.org

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

MS=15515A5E83FED87857ABC4F11E38340209BAD033

v=spf1 a mx ip4:50.206.109.68/32 50.206.109.2/32 ~all

Checking to see if there is a valid SPF record.

Found v=spf1 record for westmetrofire.org:

v=spf1 a mx ~all

evaluating...

SPF record passed validation test with pySPF (Python SPF library)!


Userlevel 3
Badge +4

Yes I see that as well. Your test at :22 past the hour failed. Can you send another one after making this SPF update? Fingers crossed.

Just sent with failure

Sent from my iPhone

Just sent another one and I have not got any NDR yet


Userlevel 3
Badge +4

It failed on next test, and then passed on your latest "hello" attempt. The SPF probably takes a few minutes to propagate.

All messages should be passing at this point. Can you send a group CAD test?

I will have our chief send a bulk one tomorrow; he has the address list. Thanks for all your help, I really appreciate it. I will let you know.

