We've been experiencing an issue with valid emails from AEXP.COM (American Express) being stuck in the Spool and never delivered since around 16.3.6558. They are passing SPF, DKIM, and DMARC. If I had to venture a guess it would appear to be due to the Reply-To: "" <DoNotReplyUS@service.americanexpress.com> field as shown in the Headers below:
Received: from welcome.aexp.com (extmta2-new.aexp.com [126.96.36.199]) by mta01.scarabmedia.com with SMTP
Mon, 8 Jan 2018 09:10:17 -0800
DKIM-Signature: v=1; a=rsa-sha256; d=welcome.aexp.com; s=prod-selector; c=relaxed/relaxed;
q=dns/txt; firstname.lastname@example.org; t=1515431415;
Date: Mon, 08 Jan 2018 10:10:15 -0700
From: "American Express" <AmericanExpress@welcome.aexp.com>
Reply-To: "" <DoNotReplyUS@service.americanexpress.com>
Subject: We processed your payment
X-Declude-Sender: HEALT030201801080904470776004840.AMEX.MYCA@welcome.aexp.com [188.8.131.52]
X-Declude-Scan: Score  at 09:11:20 on 08 Jan 2018
X-Declude-Tests: FROMNOMATCH , bl-core-countries , bl-core-basics , bl-pre-country-us 
X-Identity: 184.108.40.206 | (timeout) | welcome.aexp.com
This is occurring with all valid emails from American Express, including Activity & Statement alerts and 2FA notices.
How can this be resolved? Using FORCE in the Manage Spool doesn't do anything and adding their IPs to the WHITELIST for SMTP doesn't seem to help.