Emails from AEXP.COM (American Express) stuck in Spool
Problem reported by Scarab - January 8 at 12:29 PM
Submitted
We've been experiencing an issue with valid emails from AEXP.COM (American Express) being stuck in the Spool and never delivered since around 16.3.6558. They are passing SPF, DKIM, and DMARC. If I had to venture a guess it would appear to be due to the Reply-To: "" <DoNotReplyUS@service.americanexpress.com> field as shown in the Headers below:
 
Return-Path: <HEALT030201801080904470776004840.AMEX.MYCA@welcome.aexp.com>
Received: from welcome.aexp.com (extmta2-new.aexp.com [148.173.96.85]) by mta01.scarabmedia.com with SMTP
(version=TLS\Tls
cipher=Aes256 bits=256);
Mon, 8 Jan 2018 09:10:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; d=welcome.aexp.com; s=prod-selector; c=relaxed/relaxed;
q=dns/txt; i=@welcome.aexp.com; t=1515431415;
h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=2IiQIzogmhkOganrv9G3Lawt1u5leUY/lbfKiTvfkzw=;
b=dUuNOtVi/kCxoGTGf94YbtRNwSfCJXQFggNEZx80yfr2Xs4BjG6CJN14E+ZC1fFU
xTQcBAzc2PBkUCOM4t1c1GO2zbxgkD3otFxnbbjy4b4k1VOni5J/UpgkSi1zSeno
XPRYITHCngNf5Bc8yambh0jIMJlyRB2enVpkQTz0oX4=;
Date: Mon, 08 Jan 2018 10:10:15 -0700
From: "American Express" <AmericanExpress@welcome.aexp.com>
Reply-To: "" <DoNotReplyUS@service.americanexpress.com>
To: <recipient@example.com>
MIME-Version: 1.0
Subject: We processed your payment
Message-ID: <HEALT030201801080904470776004840.ALEENALEPRA0007.MYCA@welcome.aexp.com>
Content-Type: multipart/alternative;
boundary="47xwSn3fKp4ypmkoFKkOWc7/gKGCqsvusaDkww=="
X-Declude-Sender: HEALT030201801080904470776004840.AMEX.MYCA@welcome.aexp.com [148.173.96.85]
X-Declude-RefID: 
X-Declude-Scan: Score [7] at 09:11:20 on 08 Jan 2018
X-Declude-Tests: FROMNOMATCH [2], bl-core-countries [0], bl-core-basics [5], bl-pre-country-us [0]
X-HELO: welcome.aexp.com
X-Identity: 148.173.96.85 | (timeout) | welcome.aexp.com
 
This is occurring with all valid emails from American Express, including Activity & Statement alerts and 2FA notices.
 
How can this be resolved? Using FORCE in the Manage Spool doesn't do anything and adding their IPs to the WHITELIST for SMTP doesn't seem to help.

1 Reply

Reply to Thread
0
Nevermind. In the Detailed SMTP Logs I found the following:
 
[2018.01.08] 01:37:00 [148.173.91.83][48661201] senderEmail(2): americanexpress@welcome.aexp.com parsed using: "American Express" <AmericanExpress@welcome.aexp.com>
[2018.01.08] 01:37:00 [148.173.91.83][48661201] no-rsp(no data sent back): 550 Sender is not allowed.
[2018.01.08] 01:37:00 [148.173.91.83][48661201] data transfer failed. 
 
Turns out they were being caught by a Wildcard SMTP Blocked Sender! Modified the wildcard entry and they are going through again now. It's an old rule from several years back so I'm not sure why it started blocking them just in the past three weeks (are the SMTP Blocked Senders now looking at the FROM, RETURN-PATH and REPLY-TO fields now perchance?) but regardless of the devil being in the details it's resolved now.

Reply to Thread