Emails from AEXP.COM (American Express) stuck in Spool
Problem reported by Scarab - 1/8/2018 at 12:29 PM
We've been experiencing an issue with valid emails from AEXP.COM (American Express) being stuck in the Spool and never delivered since around 16.3.6558. They are passing SPF, DKIM, and DMARC. If I had to venture a guess it would appear to be due to the Reply-To: "" <DoNotReplyUS@service.americanexpress.com> field as shown in the Headers below:
Return-Path: <HEALT030201801080904470776004840.AMEX.MYCA@welcome.aexp.com>
Received: from welcome.aexp.com (extmta2-new.aexp.com []) by mta01.scarabmedia.com with SMTP
cipher=Aes256 bits=256);
Mon, 8 Jan 2018 09:10:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; d=welcome.aexp.com; s=prod-selector; c=relaxed/relaxed;
q=dns/txt; i=@welcome.aexp.com; t=1515431415;
Date: Mon, 08 Jan 2018 10:10:15 -0700
From: "American Express" <AmericanExpress@welcome.aexp.com>
Reply-To: "" <DoNotReplyUS@service.americanexpress.com>
To: <recipient@example.com>
MIME-Version: 1.0
Subject: We processed your payment
Message-ID: <HEALT030201801080904470776004840.ALEENALEPRA0007.MYCA@welcome.aexp.com>
Content-Type: multipart/alternative;
X-Declude-Sender: HEALT030201801080904470776004840.AMEX.MYCA@welcome.aexp.com []
X-Declude-Scan: Score [7] at 09:11:20 on 08 Jan 2018
X-Declude-Tests: FROMNOMATCH [2], bl-core-countries [0], bl-core-basics [5], bl-pre-country-us [0]
X-HELO: welcome.aexp.com
X-Identity: | (timeout) | welcome.aexp.com
This is occurring with all valid emails from American Express, including Activity & Statement alerts and 2FA notices.
How can this be resolved? Using FORCE in the Manage Spool doesn't do anything and adding their IPs to the WHITELIST for SMTP doesn't seem to help.

Scarab Replied
Never mind. In the Detailed SMTP Logs I found the following:
[2018.01.08] 01:37:00 [][48661201] senderEmail(2): americanexpress@welcome.aexp.com parsed using: "American Express" <AmericanExpress@welcome.aexp.com>
[2018.01.08] 01:37:00 [][48661201] no-rsp(no data sent back): 550 Sender is not allowed.
[2018.01.08] 01:37:00 [][48661201] data transfer failed. 
Turns out they were being caught by a Wildcard SMTP Blocked Sender! Modified the wildcard entry and they are going through again now. It's an old rule from several years back, so I'm not sure why it started blocking them just in the past three weeks (are the SMTP Blocked Senders now looking at the FROM, RETURN-PATH and REPLY-TO fields, perchance?), but regardless of the devil being in the details, it's resolved now.

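The log check described in the reply above, as an added example that is not part of the original thread or of the mail server's own tooling: it groups detailed SMTP log lines by session, reports the sender of every session rejected with "550 Sender is not allowed", and lists which wildcard entries would match it. The rule list, the second log session, and the plain case-insensitive glob matching are assumptions; the thread does not show the real rule or how the server evaluates wildcards.

```python
import re
from fnmatch import fnmatchcase

# Line layout taken from the log excerpt in the thread:
# [date] time [client-ip][session-id] message
LINE_RE = re.compile(r"^\[(\d{4}\.\d{2}\.\d{2})\] (\d{2}:\d{2}:\d{2}) \[([^\]]*)\]\[(\d+)\] (.*)$")
SENDER_RE = re.compile(r"^senderEmail\(\d+\): (\S+)")
REJECT = "550 Sender is not allowed"

# Constructed sample: the first session mirrors the thread, the second is an
# unrelated session whose wording is made up for this example.
SAMPLE_LOG = """\
[2018.01.08] 01:37:00 [][48661201] senderEmail(2): americanexpress@welcome.aexp.com parsed using: "American Express" <AmericanExpress@welcome.aexp.com>
[2018.01.08] 01:37:00 [][48661201] no-rsp(no data sent back): 550 Sender is not allowed.
[2018.01.08] 01:37:00 [][48661201] data transfer failed.
[2018.01.08] 01:38:12 [][48661202] senderEmail(1): alerts@example.org parsed using: <alerts@example.org>
[2018.01.08] 01:38:12 [][48661202] constructed line: message accepted
"""

# Hypothetical blocked-sender entries; the thread does not show the real rule.
SAMPLE_RULES = ["*@spam.example", "*express*@*", "bulk-*@example.net"]


def find_rejected_senders(log_text):
    """Return [(session_id, timestamp, sender)] for sessions rejected with 550."""
    senders, rejected = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip continuation or malformed lines
        date, time, _ip, session, msg = m.groups()
        s = SENDER_RE.match(msg)
        if s:
            senders[session] = s.group(1).lower()  # remember sender per session
        elif REJECT in msg:
            rejected.append((session, f"{date} {time}", senders.get(session, "<unknown>")))
    return rejected


def matching_rules(sender, rules):
    """List the wildcard entries that match a sender (case-insensitive glob)."""
    return [r for r in rules if fnmatchcase(sender.lower(), r.lower())]


if __name__ == "__main__":
    for session, when, sender in find_rejected_senders(SAMPLE_LOG):
        print(session, when, sender, "blocked by:", matching_rules(sender, SAMPLE_RULES))
```

Running the same match against the From, Return-Path and Reply-To addresses of a stuck message shows which header an old wildcard entry is catching.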