Email sent via an Atlantic Broadband SMTP server not being delivered

I received a report from a couple of users that email they were sending wasn't being delivered to recipients, though they weren't receiving any bounced messages or any indication that their email was not being delivered. Their email clients were sending email to smtp.atlanticbb.net. When I sent email from the same IP address to that Atlantic Broadband Simple Mail Transfer Protocol (SMTP) server addressed to several email accounts I maintain for email troubleshooting on a number of free email services, such as Gmail, none of them reached their destinations, even though as far as the email client was concered, they were successfully delivered to the Atlantic Broadband SMTP server.

Examining the message headers from an email sent from a tech support person at Atlantic Broadband, whom I contacted on June 1 regarding the problem, to my Gmail account (see Viewing message headers in Gmail), I learned that Atlantic Broadband uses Echo Labs to handle their email. I saw the following in the message headers:

Received: from cluster1.echolabs.net (mail.atlanticbb.net. [38.111.141.32])
        by mx.google.com with ESMTP id l144si10145927ybf.89.2016.06.01.19.40.53

When I subsequently spoke to another Atlantic Broadband support person today, he confirmed that Atlantic Broadband uses Echo Labs for its email service. Echo Labs Message Security web page provides information on the mail service they provide to Internet Service Providers (ISPs). That page mentions "ECHO Labs messaging security utilizes Cloudmark's Authority platform to deliver faster messaging throughput and less CPU usage as compared to traditional rules-based anti-spam and anti-virus systems." And examing the email headers further, I could see that Echo Labs in turn uses an anti-spam service from Cloudmark. So after passing from the Echo Labs server, any outgoing email from Atlantic Broadband customer's that uses smtp.atlanticbb.net for delivery will go to a Cloudmark server to be checked for malware. That path can be seen from the X-Scanner-Info line below.

Received: from [10.0.8.1] (HELO MX02.MAIL.ECHOLABS.NET)
  by echolabs.net (CommuniGate Pro SMTP 6.0.9)
  with ESMTP id 415982771 for example123450@gmail.com; Wed, 01 Jun 2016 22:40:53 -0400
Received: from cluster1.echolabs.net ([10.10.10.66])
	by Echo Labs with SMTP
	id 8IZ2bcs0bdrnj8IZ2bf9tb; Wed, 01 Jun 2016 22:40:52 -0400
X-Scanner-Info: Cloudmark - http://www.cloudmark.com
X-CNFS-Analysis: v=2.1 cv=WYfxEBVX c=1 sm=1 tr=0
 a=NvGV9mbruWFLSfo76TNMMw==:117 a=G1GMBpgTPBagPUqfbqNUwA==:17
 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=VXbhf58gAAAA:8
 a=pD_ry4oyNxEA:10 a=pGLkceISAAAA:8 a=43beU8AwAAAA:8 a=69EAbJreAAAA:8
 a=3oc9M9_CAAAA:8 a=KegkHNisgdMX4TEh80EA:9 a=QEXdDO2ut3YA:10
 a=ExTwvd2k1RMqEYI5UZEA:9 a=_W_S_7VecoQA:10 a=KlBsRnFCfVuI6N_k6XfU:22
 a=6kGIvZw6iX1k4Y-7sg4_:22 a=W4LmDEFVUbkIZlTMwqG-:22 a=JlwNWS_Myq4plbCuGd51:22
 a=WQP3B-o2DcFb_-ao3AbR:22
X-CMAE-Score: 0.00
X-Scanned-by: CMAE

According to Michael Hampton's answer to "My website's email is being marked as spam, how do I analyse a X-CNFS-Analysis email header?" at the Pro Webmasters website, The "X-CNFS-Analysis" line also indicates that the message has passed through a CloudMark scan:

The header X-CNFS-Analysis is added to emails processed by Cloudmark Authority, an email filtering engine, and appliances which use this engine such as Cloudmark Security Platform. In newer versions, it has been renamed to X-Authority-Analysis.

According to Everything You Need to Know About Cloudmark by Brian Godiksen:

Some of the largest users of Cloudmark are ISPs such as Comcast, Time Warner Cable / RoadRunner, Cox, CenturyLink/Embarq, EarthLink, Synacor, and Telus.

Cloudmark also protects mailboxes provided by domain registrars and hosted exchange server providers including GoDaddy and Rackspace. A large number of small businesses use packaged solutions from a registrar like GoDaddy that includes a private domain and associated mailboxes.

That webpage also has a link to the Cloudmark Support Request for Cloudmark Authority page for reporting what you may regard as false positive flagging of email as spam.

In this case, I suspect the problem occurred because spam reaching a user's inbox was being forwarded out to a Gmail and Hotmail account via the Atlantic Broadband smtp.atlanticbb.net server, causing the user's home IP address to get flagged as a source of spam by Cloudmark. Unfortunately, with no bounced email being returned, there was no indication that a problem existed until recipients reported they weren't receiving email. Fortunately, whenever I've had to deal with Atlantic Broadband support personnel, they've been knowledgeable and helpful, but they have to contact Echo Labs to get any block removed, which might have been based on IP address in this case.

Related articles:

  1. Cloudmark CSI IP Reputation Remediation

 

Firstrade newegg.com

Justdeals Daily Electronics Deals1x1 px