Suped

Summary

Current observations indicate a significant, global surge in block bounces for emails sent to AT&T domains, predominantly affecting US-based senders. This widespread issue is often characterized by "DNSBL:RBL" bounce messages, pointing to real-time blacklist or reputation-based blocks. Experts suggest this is largely a result of AT&T's heightened security measures, possibly targeting specific, widespread spam campaigns involving particular links or content, or stemming from unannounced updates to their filtering algorithms. Even senders with strong reputations are experiencing these blocks, and simple volume throttling has not consistently alleviated the problem. This highlights AT&T's stringent filtering and the need for senders to maintain optimal email deliverability practices.

Key findings

  • Widespread Blocks: There is a global increase in block bounces for AT&T email domains, with a primary impact on US-based senders.
  • RBL Mentions: Bounce messages frequently cite 'DNSBL:RBL,' indicating blocks due to real-time blacklists or AT&T's internal reputation systems.
  • Targeted Spam Campaigns: The spike is likely linked to AT&T's security measures actively combating a specific spam campaign, potentially involving particular links or content patterns.
  • Reputable Senders Affected: Even senders with excellent reputations are experiencing significant blocks, suggesting an aggressive or broad filtering approach from AT&T.
  • Throttling Ineffective: Simply reducing email volume has not proven effective in resolving the issue for all affected senders.

Key considerations

  • Authentication Protocols: Verify DMARC alignment, SPF, and DKIM, as AT&T is highly sensitive to proper sender authentication, and issues here can lead to rejections.
  • IP and Sender Reputation: Regularly monitor your sending IP's reputation and check for blacklistings or sudden negative shifts due to complaints or invalid addresses.
  • Content Filtering Triggers: Scrutinize email content for spammy keywords, suspicious links, excessive images, or attachments that might trigger AT&T's advanced filters; even minor content changes can be enough to trigger them.
  • List Hygiene: Maintain a clean email list by promptly removing inactive, invalid, or spam trap addresses; sending to a high percentage of these can be interpreted as suspicious.
  • Engagement Metrics: Track recipient engagement, as declining positive engagement or increasing negative signals from your AT&T audience can cause filters to become more aggressive.
  • Reverse DNS (rDNS): Ensure your rDNS is correctly configured and resolves back to your sending IP; a misconfiguration can lead to block bounces.
  • Sending Volume Spikes: Be cautious of sudden or drastic increases in email volume or sending velocity to AT&T domains, which can trigger temporary blocks or greylisting.
  • Compromised Systems: Investigate any possibility of a compromised sending account or server that could be unknowingly sending spam, leading to widespread blocks.
  • Feedback Loops (FBL): Confirm your abuse complaint feedback loops are properly registered and processed to remove complainers, as ignoring them can result in blocks.
  • AT&T Filter Updates: Be aware that AT&T frequently updates its spam and security filters without public announcements, which can lead to unexpected blocks of previously accepted emails.

What email marketers say

11 marketer opinions

The recent surge in block bounces for emails to AT&T domains is a multifaceted challenge, impacting even senders with excellent reputations, especially those based in the US. While these blocks frequently present with 'DNSBL:RBL' messages, indicating reputation or blacklist issues, simply reducing sending volume has not proven effective. Various factors contribute to this phenomenon, including AT&T's reliance on IP reputation, potential unannounced updates to their spam and security filters, and highly specific content triggers that might unintentionally mimic current phishing campaigns. Furthermore, problems with list hygiene, such as sending to inactive or spam trap addresses, alongside improper reverse DNS setup, unmanaged feedback loops, or even compromised sending systems, are critical contributors to these blocks. This collective experience underscores the necessity for senders to rigorously manage all aspects of their email deliverability.

Key opinions

  • Widespread Impact: The increase in AT&T block bounces is a global issue, primarily affecting US-based senders, with multiple marketers reporting similar problems.
  • Consistent Bounce Messages: Specific bounce messages, such as 'DNSBL:RBL 521< ***>_is_blocked,' are consistently reported, indicating a reputation-based blocking mechanism.
  • Reputation Not a Shield: Even senders with sterling reputations are experiencing blocks, and attempts to throttle sending volume have not reliably resolved the issue.
  • Similarity to Past Blocks: The situation is being compared to prior large-scale ISP blocking incidents, suggesting a systemic filtering adjustment by AT&T.
  • Direct Engagement Recommended: Contacting AT&T directly via their abuse email, or engaging in their community forums, is suggested by affected senders as a means to gain clarity or resolution.
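To tell whether these blocks are concentrated on particular sending IPs, the bounce log can be broken down per IP. The following is an added example, not code from any sender or tool quoted on this page; the log layout (`sending_ip recipient status text`), the sample lines and the 50% threshold are assumptions.

```python
import re
from collections import Counter

# AT&T-operated recipient domains named on this page.
ATT_DOMAINS = {"att.net", "sbcglobal.net", "bellsouth.net"}

# Assumed (hypothetical) log layout: "<sending_ip> <recipient> <status text>".
LINE_RE = re.compile(r"^(?P<ip>\S+)\s+\S+@(?P<domain>\S+)\s+(?P<text>.*)$")
# Reputation-block marker reported in the bounce messages.
RBL_RE = re.compile(r"DNSBL:RBL")

# Constructed sample log; IPs come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 user1@att.net bounced DNSBL:RBL 521< 192.0.2.10 >_is_blocked
192.0.2.10 user2@sbcglobal.net bounced DNSBL:RBL 521< 192.0.2.10 >_is_blocked
192.0.2.10 user3@example.org delivered 250 OK
192.0.2.10 user4@bellsouth.net delivered 250 OK
198.51.100.7 user5@att.net delivered 250 OK
198.51.100.7 user6@att.net bounced mailbox full
198.51.100.7 user7@bellsouth.net delivered 250 OK
"""

def classify(log_text):
    """Per sending IP: (DNSBL:RBL bounces, total attempts) to AT&T domains."""
    totals, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["domain"].lower() not in ATT_DOMAINS:
            continue  # unparsable line or non-AT&T recipient
        totals[m["ip"]] += 1
        if RBL_RE.search(m["text"]):
            blocked[m["ip"]] += 1
    return {ip: (blocked[ip], totals[ip]) for ip in totals}

def flagged_ips(log_text, threshold=0.5):
    """IPs whose DNSBL:RBL share of AT&T traffic meets the threshold."""
    stats = classify(log_text)
    return sorted(ip for ip, (b, t) in stats.items() if b / t >= threshold)

if __name__ == "__main__":
    for ip, (b, t) in classify(SAMPLE_LOG).items():
        print(f"{ip}: {b}/{t} AT&T attempts blocked (DNSBL:RBL)")
    print("flagged:", flagged_ips(SAMPLE_LOG))
```

A block rate that is high on one IP and zero on another points at per-IP reputation rather than content, which narrows what to raise with AT&T.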

Key considerations

  • IP and Sender Reputation: Continuously monitor your sending IP's reputation and check for listings on major blacklists, as AT&T heavily relies on this for filtering decisions.
  • List Hygiene Practices: Prioritize rigorous list cleaning to remove inactive, invalid, or spam trap addresses; sending to these can trigger AT&T's suspicious activity algorithms.
  • Reverse DNS Verification: Ensure your reverse DNS (rDNS) is correctly configured and resolves accurately back to your sending IP address, as improper setup can lead to rejections.
  • Content and Phishing Mimicry: Review email content for phrases, links, or formatting that might inadvertently align with current phishing campaigns or specific content triggers used by AT&T's filters.
  • Feedback Loop Management: Verify that your abuse complaint feedback loops are properly registered and actively managed, promptly removing complainers to prevent widespread blocks.
  • System Security Audit: Investigate any possibility of a compromised sending account or server that could be unintentionally sending spam, leading to blocks across your campaigns.
  • Unannounced Filter Changes: Acknowledge that AT&T frequently updates its spam and security filters without public notification, which can cause previously accepted emails to be blocked.

Marketer view

Email marketer from Email Geeks explains that a client, a 'great sender,' is also experiencing a high number of bounces and blocks with AT&T. She advises checking bounce messages for RBL mentions and confirms seeing the specific bounce message with 'DNSBL:RBL'. She notes that throttling volume did not help her sender, who is US based and has a sterling reputation. She plans to contact AT&T directly via the email in the bounce message to gather more information, and acknowledges the helpfulness of the AT&T forum link shared by Erika.

11 Feb 2025 - Email Geeks

Marketer view

Email marketer from Email Geeks explains there's a global increase in AT&T bounces/blocks, mentioning other marketers on a mailing list are also experiencing it and seeking AT&T contacts. He specifically notes this issue is mainly affecting US-based senders and compares it to a 'Barracuda case'.

29 Oct 2022 - Email Geeks

What the experts say

2 expert opinions

The recent surge in block bounces affecting AT&T email domains, including att.net, sbcglobal.net, and bellsouth.net, is primarily a consequence of AT&T's intensified security measures. Experts indicate these actions are specifically aimed at widespread spam campaigns that leverage particular links or content patterns. The situation might also stem from a temporary misconfiguration or a deliberate, targeted response to a specific incident.

Key opinions

  • Targeted Campaign Response: AT&T's recent mail blocks across its domains, such as att.net and sbcglobal.net, are a direct response to a widespread spam campaign using specific links.
  • Content-Based Blocking: AT&T is actively blocking emails based on specific content, particularly suspicious links, as part of its security initiatives.
  • Potential Misconfiguration: Some experts suggest the spike in blocks could partially be due to a temporary misconfiguration on AT&T's side, in addition to deliberate actions.

Key considerations

  • Validate Authentication: Senders must ensure robust email authentication, including SPF, DKIM, and DMARC, is correctly configured and aligned to meet AT&T's stringent requirements.
  • Content Scrutiny: Thoroughly review email content for any suspicious or potentially problematic links that could mimic current spam campaigns and trigger AT&T's filters.
  • Monitor Sending Infrastructure: Regularly check for compromised accounts or list bombing activities, as these can severely impact deliverability to AT&T domains.
  • IP Reputation Check: Verify that your sending IPs are not listed on any blacklists, which can lead to immediate rejections from AT&T.
  • Temporary Nature: Acknowledge that the current block might be temporary and related to a specific incident, so continued monitoring and compliance are crucial.

Expert view

Expert from Spam Resource explains that AT&T (including att.net and sbcglobal.net) implemented a mail block, possibly due to a misconfiguration or a deliberate action targeting a widespread spam campaign involving a specific link. He advises senders to ensure DMARC is set up and IPs are not blacklisted, noting the block might be temporary and tied to a particular incident.

26 Apr 2022 - Spam Resource

Expert view

Expert from Word to the Wise explains that a recent surge in blocks from AT&T domains (like sbcglobal.net, att.net, bellsouth.net) is likely due to AT&T's security measures targeting a specific spam campaign involving particular links. She advises senders to check content for suspicious links, ensure strong authentication (SPF, DKIM, DMARC), and monitor for compromised accounts or list bombing, as AT&T is actively blocking specific content.

26 Feb 2022 - Word to the Wise

What the documentation says

4 technical articles

The recent spike in block bounces for emails sent to AT&T domains stems from several critical factors related to their stringent filtering policies. A primary cause is AT&T's heightened sensitivity to sender authentication, with issues in DMARC alignment or failed SPF and DKIM checks often leading to rejections. Furthermore, their advanced content filters are increasingly flagging emails that contain spammy keywords, suspicious links, excessive images, or problematic attachments. Declining recipient engagement, characterized by low open rates and increased spam complaints from the AT&T audience, also contributes to more aggressive filtering. Lastly, sudden increases in sending volume or velocity can trigger temporary blocks, as these behaviors are often perceived as suspicious by AT&T's systems.

Key findings

  • Authentication Dependence: AT&T, like many ISPs, places high importance on email authentication protocols such as DMARC, SPF, and DKIM; failures can directly lead to block bounces.
  • Advanced Content Filtering: AT&T employs sophisticated content filters that can block emails containing specific keywords, suspicious links, or problematic attachments, even if the sender's reputation is strong.
  • Engagement's Role: Recipient engagement signals, including opens, clicks, and spam complaints, significantly influence AT&T's filtering aggressiveness; poor engagement can tighten filters.
  • Volume Sensitivity: Rapid increases in sending volume or velocity to AT&T domains can be perceived as suspicious behavior, triggering temporary blocks or greylisting, regardless of email legitimacy.

Key considerations

  • Validate Authentication: Rigorously check and ensure proper DMARC alignment, SPF records, and DKIM signatures, as AT&T systems are highly sensitive to authentication failures.
  • Scrutinize Content: Carefully review email content for anything that might trigger spam filters, including suspicious links, excessive images, attachments, or spammy keywords.
  • Monitor Engagement Signals: Actively track recipient engagement metrics for your AT&T audience; low open rates, high bounce rates, or increased spam complaints can negatively impact deliverability.
  • Manage Sending Volume: Avoid sudden, large increases in sending volume or velocity to AT&T domains, as such spikes can be flagged as suspicious activity and lead to temporary blocks.

Technical article

Documentation from SparkPost Support explains that AT&T, similar to other major ISPs, is highly sensitive to sender authentication, particularly DMARC. A sudden spike in block bounces could indicate issues with DMARC alignment, failed SPF or DKIM checks, or a change in AT&T's enforcement policies, leading to rejections of unauthenticated mail.

30 Sep 2021 - SparkPost Support Documentation
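SPF and DKIM can both pass while DMARC still fails, because DMARC also requires the passing domain to align with the From domain. The check below is an added example, not SparkPost's or AT&T's code; the headers and `.example` domains are constructed, and the organizational-domain rule is a simplification (real evaluators use the Public Suffix List).

```python
import re

def org_domain(domain):
    """Simplified organizational domain: the last two labels.
    Assumption: real DMARC evaluators consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict mode needs an exact match; relaxed mode compares org domains."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def parse_auth_results(header):
    """Collect (result, domain) pairs for SPF and DKIM from an
    Authentication-Results header value."""
    found = {"spf": [], "dkim": []}
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        pattern = rf"\b{method}=(\w+)[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for result, value in re.findall(pattern, header, re.IGNORECASE):
            found[method].append((result.lower(), value.split("@")[-1].lower()))
    return found

def dmarc_verdict(from_domain, auth_results, aspf="r", adkim="r"):
    """DMARC passes if SPF or DKIM both passes and aligns with From.
    aspf/adkim are the alignment-mode tags: "r" relaxed, "s" strict."""
    res = parse_auth_results(auth_results)
    spf = any(r == "pass" and aligned(d, from_domain, aspf == "s")
              for r, d in res["spf"])
    dkim = any(r == "pass" and aligned(d, from_domain, adkim == "s")
               for r, d in res["dkim"])
    return {"spf_aligned": spf, "dkim_aligned": dkim, "dmarc_pass": spf or dkim}

# Constructed headers. Case 1: the ESP's own domains sign and bounce the mail.
ESP_HEADER = ("mx.receiver.example; spf=pass smtp.mailfrom=bounces.esp.example; "
              "dkim=pass header.d=esp.example")
# Case 2: DKIM is signed with a subdomain of the From domain.
OWN_HEADER = ("mx.receiver.example; spf=pass smtp.mailfrom=bounces.esp.example; "
              "dkim=pass header.d=mail.shop.example")

if __name__ == "__main__":
    print(dmarc_verdict("shop.example", ESP_HEADER))   # passes auth, no alignment
    print(dmarc_verdict("shop.example", OWN_HEADER))   # relaxed DKIM alignment
    print(dmarc_verdict("shop.example", OWN_HEADER, adkim="s"))  # strict fails
```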

Technical article

Documentation from SendGrid explains that ISPs like AT&T employ advanced content filters. A sudden increase in blocks can occur if email content includes spammy keywords, suspicious links, excessive images, or attachments that trigger these filters. Even minor content changes can lead to a 'spike' if a new filter threshold is crossed.

17 Jan 2023 - SendGrid Documentation
