Beyond frustrated: comcast mailservers rate limiting my mailserver for one email to SIX inbound addresses at comcast

Hey there, I am really sorry for the frustration. I would be happy to look into this for you. Can you please send me a private message to Xfinity Support with your full name and full address.

Here are the detailed steps to direct message us:

• Click "Sign In" if necessary

• Click the "Peer to peer chat" icon (upper right corner of this page)

• Click the "New message" (pencil and paper) icon

• Type "Xfinity Support" in the to line and select "Xfinity Support" from the drop-down list

• Type your message in the text area near the bottom of the window

• Press Enter to send your message

Hi ComcastAldrik, thanks for checking in. No, there is no mechanism by which either front-line support or customers can reach the Postmaster team. It's simply not possible for me to point out to the postmaster team that the throttling rules that have been put in place are performing incorrectly, and blocking legitimate email for no reason.

I'm exploring alternatives outside of comcast to mitigate the problem, probably in this case I'll create a mailing list for my user. Mailing lists are generally handled differently both in how they are sent, and how remote hosts accept them. It is an annoyance, but seems the only option.

In short, there's no means by which Comcast employees here on the forum can fix this problem, unfortunately, so my question will go unanswered.

@anastrophe 

You  may be running up against this [from the Customer Acceptable Use Policy]:

use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers;

Comcast Acceptable Use Policy

I don't know this for sure, but it is a possibility, which means you would need to go back to CSA and discuss this with them.

Thanks. That's not the problem, my server is hosted in the AWS cloud.

I was able to set up Amazon's SES on my AWS server, and I am now routing comcast.net - and only comcast.net - out from my server through SES, so, comcast's ridiculous deferrals - which are contrary to the very policies comcast postmaster claims - will no longer torture me and my few users. This really should be fixed on comcast's end, but i'm not holding my breath.

@anastrophe  we are seeing a similar issue: Our email server is hosting on AWS (though currently this particular server is not routing thru SES; we are sending directly via PostFix) and for the last 2 weeks all of the emails from this one server (but not other servers with the same setup) are being not accepted by comcast. Even 1 single email going to a single comcast account is not being accepted, coming back with ... 

host mx2.comcast.net[68.87.20.5] said: 550 5.1.0
    Connection is not being accepted at this time. (in reply to MAIL FROM
    command)

We are NOT being blocked; we filled out 'the form' and got back the same response you did previously: 'You're not blocked' 

Has routing thru SES resolved your issue? In the long term we can/will do this, but not immediately as we need to deal with some of the downsides of routing thru SES (e.g., we have developed custom reporting using our postfix logs and we'll need to redevelop these reports to use AWS logs)

Any update on your progress is appreciated. Thank you for posting this thread; it is nice to not be alone out here with delivery issues to @comcast.net 
accounts. Our clients - who depend on our servers delivering critical email confirmations to their members/users - are not amused by this and neither are we. 

@anastrophe and @troubleshooter2021  send me a direct message with the IP and a few recent logs. 

Hi XfinityGabrielS,

Are you in the CSA group, or can you communicate directly with them? If not, you will not be able to assist. These are not "client" or  comcast email user issues, they're server infrastructure level, and can't be fixed with client level diagnostics. I appreciate the offer of help - sincerely -  but have been down this road too many times. What you _could_ do is try to get word up the chain that the soviet-style blockade that's in place for reaching the CSA folks - the actual CSA folks, not any front-end buffers to the CSA folks - needs to end. It's hostile to people like myself who run infrastructure services and need to resolve infrastructure problems cooperatively. This is a failure at the infrastructure level that is happening at comcast, and which harms comcast's customers.

troubleshooter2021, yes, routing the mails through SES has "solved" the problem for me. My use case of course isn't reliant on getting bounce or reject notifications, unlike yours certainly is, so I commiserate on the added administration this will cause.

As I said in my opening comment way up top, more than four months ago, I've been a systems administrator a long time. I, as well, had a healthy layer of front-line tech support people between me and customers, as a customer demanding to talk to me because the email header said 'postmaster' and they got a message they thought was spam, wasn't, shall we say, scalable. But when someone called in to frontline tech support and said someone was saying that they were seeing wonky fast-repeating incomplete connections on their MX from my outbound, the frontline tech support, who had no idea what that was, could contact me, and i'd say 'send them through'. That's IMPOSSIBLE with comcast - frontline tech literally cannot communicate with CSA, no line of communication is possible.

But as I've also said before, I'm not holding my breath for this to change. I've "fixed" the problem by working around comcast's broken throttles, and done my due diligence on the issue - it is not my responsibility to help fix comcast's infrastructure, even as much as it goes against my systems administrator 'credo' of cooperation with other systems administrators. I've shouted at the brick wall long enough.

I wasn't looking for client logs, I was looking for the server logs, similar to the SMTP server logs you originally posted just more recent. And of course, I will need the connecting IP so we can look at our logs.  

Sounds like you are good with where you are so no need to send them over.  @troubleshooter2021 if you want me to have the team take a look at the issue, please send me a direct message just because you will be sharing detailed information. 

As an FYI, the CSA number is posted here: https://internetsecurity.xfinity.com/ .  

So, just for my clarity - are you in CSA?

In my case, correct, I'm good where I am, and obviously I don't have any recent logs showing the misconfigured throttling on comcast's side, since I no longer send directly to comcast.

Also, note that the CSA number is largely useless. I have called twice about this issue in the past. I was connected to those I described - the blockade in front of the actual CSA folks. The person I spoke to had absolutely no idea about how infrastructure email works, or why I would be calling. They asked me to go through scripted diagnosis only useful for folks trying to connect to comcast as clients - regular users. I spent about an hour each time explaining in detail the specifics. They would not put me through to those who are competent to deal with the issue.

Good luck, troubleshooter2021. If you have success, I'll be very interested to know. Frontline support is eager to help, and I appreciate the efforts. But in my experience, it's been a waste of time - I mean, just look at the details in my first post. The information there is enough for someone in CSA to at least acknowledge the problem, if not fix it. They are the same details I tried communicating with CSA on the phone (and why telephone is absolutely not the best way to communicate this information - but you CANNOT email CSA, at all, you MUST call).