Solved

E-mail to SMS being blocked due to suspected SPAM



234 replies

Userlevel 3
Badge +3

Hi @mcteams

Some messages are failing because the message body contains a request to "email me xx@xx.org", and also a link to instagram.

It's getting flagged because it's a brief message body asking to email and to click a link, which is characteristic of spam. Messages sent later today are passing. When crafting messages, perform a test before sending out, but it would be best to refrain from inserting items in message body that encourage replying and contacting - which is exact familiarity to what spamming entities demand. Anti-spam filtering is not a perfect science, but if flagged, require some adjustment.

Userlevel 3
Badge +3

@mcteams

I want to clarify the anti-spam is flagging some of these messages because the sending address and the "reply to me separately here" address are not the same, which is another red flag. The consensus on anti-spam flagging is "you've already emailed me from X source, so why do I need to then reply to yet another reply destination". Spammers use this tactic. If it's an email, why must I contact you elsewhere? Does that help? Thanks.

Okay thanks as that's very helpful and I'll do some more research and testing on my end!

Hi, Same problem for urgent work notifications - bounced with a 550 error. Bouncing is sporadic but can't miss any of these alerts. Suspecting it's because the mail is originally from AWS and sent to tmomail via gmail. Here's the header of a bounced message:

Return-Path: <xxxxxx.alert@gmail.com>
Received: from ip-172-31-3-255.us-west-2.compute.internal (ec2-35-166-148-119.us-west-2.compute.amazonaws.com. [35.166.148.119])
        by smtp.gmail.com with ESMTPSA id g14sm24661727pfo.41.2019.08.21.14.04.53
        for <xxxxxxxxxx@tmomail.net>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 21 Aug 2019 14:04:53 -0700 (PDT)
Received: by ip-172-31-3-255.us-west-2.compute.internal (Postfix, from userid 33)
    id C583D2290D; Wed, 21 Aug 2019 21:35:33 +0000 (UTC)
To: xxxxxxxxxx@tmomail.net
Subject: TRUESD-14: https://www.xxxxxxx.com/shop/automotiv
X-PHP-Originating-Script: 0:mailtotext.php
From: xxxxxx.alert@gmail.com
Reply-To: xxxxxx.alert@gmail.com
X-Mailer: PHP/5.5.9-1ubuntu4.27
Message-Id: <20190821213533.C583D2290D@ip-172-31-3-255.us-west-2.compute.internal>
Date: Wed, 21 Aug 2019 21:35:33 +0000 (UTC)
Userlevel 3
Badge +3

It's blocking because the url is inserted in the subject which is a red flag. Plus the section of the url has ".shop" which is a direct match to a spam entity flooding with that TLD domain.

Please insert the url in message body. Thanks.

Sent from my T-Mobile 4G LTE Device
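
The red flags named in the replies above (a URL in the subject, a brief body that asks for an email and carries a link, a contact address that differs from the sender), written out as a small scoring routine. This is an added example, not the carrier's filter and not code from the thread; the flag names, the 160-character cutoff, the Reply-To check and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://\S+", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SHORT_BODY = 160  # assumed cutoff for a "brief" body, not a carrier value

def red_flags(raw):
    """Return the thread's red flags that a raw RFC 5322 message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    flags = []
    # A link placed in the Subject header instead of the body.
    if URL_RE.search(msg.get("Subject", "")):
        flags.append("url-in-subject")
    # Assumption: a Reply-To header that differs from From counts as
    # the same "reply to me elsewhere" pattern.
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs-from-sender")
    # The body asks the reader to write to an address other than the sender.
    if {a.lower() for a in ADDR_RE.findall(body)} - {sender}:
        flags.append("body-contact-differs-from-sender")
    # Brief body that contains both a link and an email address.
    if (len(body.strip()) <= SHORT_BODY and URL_RE.search(body)
            and ADDR_RE.search(body)):
        flags.append("brief-body-with-link-and-email")
    return flags

# Constructed samples (placeholder domains), shaped like the cases discussed.
SAMPLE_ALERT = ("From: alerts@example.com\nReply-To: alerts@example.com\n"
                "To: 5550100000@gateway.example\n"
                "Subject: JOB-14: https://www.example.com/shop/item\n\n"
                "Status changed.\n")
SAMPLE_INVITE = ("From: office@example.org\nTo: 5550100000@gateway.example\n"
                 "Subject: Sunday\n\n"
                 "Email me pastor@example.net and see "
                 "https://social.example/ourpage\n")
SAMPLE_CLEAN = ("From: dispatch@example.com\nTo: 5550100000@gateway.example\n"
                "Subject: Start time\n\nCrew start time is 7:00 Monday.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_ALERT", "SAMPLE_INVITE", "SAMPLE_CLEAN"):
        print(name, red_flags(globals()[name]))
```
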

So with some more testing from the client/church it's definitely a content filter flagging it because eventually we could get a test to go through after modifying the message but it was very particular and blocked most of them.  We've seen this across a number of churches and each message can vary of course.  Would it be possible to whitelist @churchteams.com messages?  If you were able to whitelist @churchteams.com would that loosen the spam content flagging or would that still apply even with a whitelisting?  Just wanting to see if there is a potential solution that is broader than just changing the content of a single message.

Thanks for your help!

Userlevel 3
Badge +3

It appears that a national organization should actually be using a better broadcast method that you're likely familiar with and that would be shortcode subscription services. Similar to whitelisting, shortcode traffic is two-factor, trusted entity, and sent through approved operators that maintain legal compliance with self opt-in laws. https://gleantap.com/8-text-opt-in-best-practices-with-examples/

Sorry, I cannot whitelist for several reasons because this is a shared open-to-all public SMTP service, we must enable stringent protections in place to protect subscribers from spam entities. This service is known as MM3 messaging routing through MMSC servers open to parties external to operator traffic. Wireless recipients are a top spam target because recipients contain predictive recipient address structure and most lines are capable of receiving content. Whitelisting is associated to very specific email domains that interact with a much smaller segment of trusted parties.

Shared SMTP services between organizations means that not all sources perform best practices for IT mail security.

Whitelisting domains bypasses all routine message checks for attachments, malware, spyware, links, SMTP flooding, etc. Whitelisting then places me in a full time role of managing whitelist requests that we are not setup to handle as organizations change or expand their SMTP configurations.

Last time I whitelisted a large corporation, which insisted they had every anti-spam protection in their outbound SMTP email. The very next day, I cannot make this up, they were compromised by a malware infection and all compromised email accounts were simultaneously spamming T-Mobile with no scanning protection. Therefore, I no longer implicitly trust external SMTP sources.

Several operators are choosing to shutter this service due to the growth of alternative shortcode and external email favorability. The consensus so far that I've met with my design counterparts, that we will continue providing this service but I do admit the spam volume can be challenging.

MM3 email was intended for casual P2P (person to person) use and was not intended for mass broadcast distribution (A2P). If organizations wish to send broadcast material, the recommendation has always been shortcode subscription based service providers to fully comply with 1993 TCPA and FCC requirements. We abide by CTIA messaging standards (see section 5.1), https://api.ctia.org/wp-content/uploads/2019/07/190719-CTIA-Messaging-Principles-and-Best-Practices-FINAL.pdf

Additionally, MM3 email also falls under 1993 FCC rules about Commercial Mobile Radio Service (CMRS) email domains. These domains are supposed to be highly restricted do-not-contact. Email senders should still adhere to these rules. FCC has a published DNC rule about contacting subscribers through wireless provider email structure: Domain Name Downloads | Federal Communications Commission

Twilio, for example, is a shortcode provider and they have guidance on why TCPA compliance is important. https://support.twilio.com/hc/en-us/articles/223134707-Industry-Standards-for-opt-ins-for-US-Short-Codes . I cannot make a recommendation on shortcode provider selection.

Sorry to segue off into background here, but I wanted to ensure you see the full picture and why shortcode is considered a trusted/whitelist source in compliance with broadcast traffic.

Let me know if you have any questions.

I am having a similar problem.   degemmill . com  is our domain,

Thank you!

EDIT: We use this to send out start times for our crews (about 35 employees), so the messages are short, but are essentially the same message where only the time and day of the week change. The only carrier that we have run into a problem with so far is T-Mobile.

Userlevel 3
Badge +3

@joshlofties

Apologies, but this one is due to a specific block in message header pertaining to HTML code that is matching information contained in your data. An example of that would be shared email domains, IPs, or other mailer characteristics. Sorry for being vague, but I cannot give specifics at this time and it will remain blocked indefinitely until an outbreak issue has passed.

@srickar

In the meantime is there anything that can be done, on our end, or on our employees' end?

Hi,  We just this afternoon started seeing blocked messages.  We've used the smtp gateway for about a decade I think to send notifications to customers. 

We don't send any links in the message and it's just text. The emails come from info@drivebuytech.com. These are notifications of interest in a particular property.

Here's a rejection we just got.

                  The mail system

<512xxxxxxx@tmomail.net>: host
    d79033a.ess.barracudanetworks.com[209.222.82.141] said: 550 permanent
    failure for one or more recipients (512xxxxxxx@tmomail.net:554 rejecting
    banned content) (in reply to end of DATA command)

---------- Forwarded message ----------
From: info@drivebuytech.com
To: 512xxxxxxx@tmomail.net
Cc:
Bcc:
Date: Thu, 22 Aug 2019 16:13:39 -0500 (CDT)
Subject:

Lead: 512-xxx-xxxx just view property 123 main

Is there something we can do to get whitelisted?

Thanks for your help. I can be reached directly at support@drivebuysupport.com or 877-848-4045

Userlevel 3
Badge +3

I made some adjustments to the filtering, can you please retest?

I just tried from my email, but I am not the one who normally sends them out. Mine seems to have gone through. I will have our office admin, who normally does send them out, try in the morning, and I will report back to you then. Thank you!

I just tried again and the notification came through!  Thanks a bunch for your help. 

Is there anything else we need to do or alter to get whitelisted?

Thanks again!

sorry, commented on the original thread. 

That seemed to do the trick.  Thanks!

Is there anything in particular that we need to be aware of in the future with regard to filtering and whitelisting?

Thanks again!

Thank you for the detailed information and we do have plans to move most of these messages over to the 10DLC for A2P.  Since you are very knowledgeable in this area do you have any information on when T-Mobile might be implementing support for the A2P/10DLC using 10 digit numbers?  In following the new CTIA guidelines it sounds like they expect all the carriers to be supporting the 10DLC/A2P so I was hoping T-Mobile would be moving towards that before too long.  I know Verizon had a couple dates set for their 10DLC rollout and have moved it back.

I really have to say I appreciate your knowledgeable help and thoughtful responses to my questions, even if it's not what we were hoping, and I understand your considerations.  Best support I've seen from any carrier relating to these topics so thank you and have a great day!

Thanks, Mark

Userlevel 3
Badge +3

Yes, 10 digit shortcode is coming soon. It's my understanding that long 10 digit texting codes are in testing that just started and I don't have a completion date. Thanks for asking. I indirectly support that regarding spam over shortcode issues. Thanks!

We're blacklisted, too. What is the best way to make sure our organization is whitelisted? This message thread appears to be the most hopeful information I've found.  Please let me know, and I'm happy to send you whatever information you need.  I appreciate your help!

Userlevel 3
Badge +3

Won't know block reason until can review it. Can you please send me a follow through inbox? Thanks.

Hello - same issue here ... emails to txt were going thru no problems until this week and now getting 550 permanent failure for one or more recipients (xxxxxxxxxx@tmomail.net:554 rejecting banned content).  Emails are coming from friscotexas.gov

I have followed you.  Have checked and it seems that SPF is correct as well.

Thanks for help researching the reason for rejects.

Userlevel 3
Badge +3

Hi @randyhmiller

Hello neighbor! It was rejecting due to a random generated keyword in the header for ProofPoint scanned messages - had a content match that looked like a domain entry for some recent spam attack that had to be blocked with content match. A few other messages also had random generated message IDs which matched a few other patterns. I have adjusted and messages are passing.

Time for some Hutchins. 😊

Wow - thanks for the quick response!  Definitely in for the Hutchins BBQ ... but you got to get there early or the line is TOO long.

Good afternoon! We're having this same issue and I was hoping someone could help. I sent a follow request to 'srickar' and it looks like it was accepted, but I'm not able to send a message. Any ideas how I might get in touch with someone would be greatly appreciated.

Userlevel 3
Badge +3

I sent you a PM. Meet you there!

Hi srickar, I just sent a follow request to hopefully get our SMTP 550 Blocked cleared. I can give you more info in PM. Thanks in advance!
Jerry
