Email IP Blocked - Xfinity NO Help

I have checked multiple times, everything seems to be configured properly. MOST emails go through just fine, only recipients with Cloudflare filtering are being blocked.
Either other systems are not doing reverse lookups or Cloudflare is doing them wrong. This could be a new bug at Cloudflare, but that seems unlikely or a lot more people would be complaining about it.
I was surprised by the Comcast IP too, but I have to go through Comcast to even reach my Hostgator accounts.
I think the next step is to look at the SMTP log from Thunderbird while sending an email to an address that has been bouncing. Maybe HostGator has changed the port or security method so your Thunderbird settings no longer work and it's using some fallback method. (No idea if Thunderbird has that capability, just trying to think about what might be happening based on what you are seeing.) If you do see a failure before the 550 reject, then call HostGator and ask for help. Or if you see that you're connecting to an SMTP server that is not the one your DNS records identify, you'll know there's a problem in the Thunderbird settings.

If looking at the log doesn't tell you anything, then create an email address at some site that doesn't use Cloudflare or Spamhaus and send it a test email from Thunderbird and from Webmail. Look at both sets of headers and see exactly what's different.
 
Yes, SPF and DKIM records are all properly configured. As I said, the problem is not with my email accounts. I can send without issue using a Web based email client or over a data connection on my phone. It's only local clients on my computer that are affected by the IP block.

Unfortunately, it's difficult to manage multiple email accounts with a web based email client (there are a few exceptions), and no way I know of to be notified when new emails arrive with web based email.

I'm trying the Surfshark VPN which does allow me to bypass the Comcast IP, but it costs extra. Oddly, I have noticed a couple of the alternate IP addresses it offers are flagged as spam on some web sites. Thankfully, I can turn off the VPN for everything other than my email.
I understand that you want this to be a comcast thing, but it is not. Of course comcast could temporarily mitigate your problem, but then some other user would get your IP which is on the RBL and other locations. For your type of service, a fixed IP is not a feature. Simple rule, I think.

So you've checked SPF settings in the DNS, and find that comcast is listed?

Ref: An SPF Record Example To Help You Understand The Working Of Sender Policy Framework - DuoCircle

Likewise, for DKIM.


Your mail sending settings would also be a critical item to look at, as Cathy is explaining.

You are the mail admin for your domain (not comcast or cloudflare or...) and if you have sufficient time available it is quite a learning experience. Along the way you may decide to outsource the email anchor. That takes cares of a multitude of problems that build up.

Just to explain to others, when you use the web email client, there are differences in the headers of the email. All of the details in email headers are potentially important when you try to deconstruct what has happened, and how to use settings/measures to guarantee it doesn't happen again. This all adds up to lots of admin time, and many times you'll see this pointed out when someone asks about getting their own domain.
 
So you've checked SPF settings in the DNS, and find that comcast is listed?
No Comcast is not listed in my SPF settings. I did find a few errors in the SPF record and had Hostgator fix them for me but, as I expected, it didn't change anything.

The bounced error message clearly mentions my Comcast IP, not my Hostgator IP's. I can easily verify it is not my Hostgator settings by sending the same emails from a web email client, over a data connection on my phone, or even with a VPN to bypass the Comcast IP. All work fine. It's only the direct connection through Comcast that gets bounced.

I'm not blaming Comcast, but there are only two ways to fix the problem. Either cloudflare would have to remove the block at the destination end (which they refuse to do for a dynamic IP), or Comcast would need to move me to a different IP block (which they can't or won't do). It's basically a dead end either way as neither end will budge or provide a solution.

No amount of fussing with Hostgator is going to change anything because they're not the IP being blocked.

I've also tried three different email clients on my computer and they all bounce back, so it's not a Thunderbird problem either.

I still need to see if changing my cable modem affects anything, but otherwise the VPN seems to be my only option. It solves the email problem, but I have encountered some other errors when browsing various web sites or even logging into Google. That's an extra hassle, but I guess I can live with it.
 
I think the next step is to look at the SMTP log from Thunderbird while sending an email to an address that has been bouncing.
I did compare the SMTP logs between the address that bounces and the address that goes through. There's no difference other than the address itself and the size of the email.
 
Your external IP should be in SPF. That won't get you off the RBL but may help keep you off the RBL later if you ever resolve this.
 
Installed my new modem today. Naturally, activation via the Xfinity app wouldn't work, and it took over an hour on a chat to finally get it activated. But it's up and running.

No change to the local IP address, it's still the same as it was on the old modem.

I've encountered a few quirks with the Surfshark VPN service, but with a few tweaks everything is mostly working normally again. So, I'm calling this good enough and moving on. I've wasted far too much time on this already.
 
Back
Top Bottom