Twice today, for two different sites, a 2-factor authorization code failed to come over my email. I asked each one to be re-sent several times. None of the messages ended up in my spam filter.
This has me a bit worried, neither of these was all that important (I was able to work around without accessing the sites) but what if it was something important like my bank? I have no idea how to check what, if anything, might be going wrong.
It’s possible both sites may be wonky. One was xstreet dot org, which had been sending me street cleaning reminders and suddenly stopped, and their screen covering that service doesn’t seem to be working. The other was Open Table, which also offered to send by text, which I received, but when I put the code in the screen immediately asked me for my email again. So maybe this is a coincidence (seems far-fetched, but who knows).
Google for identify blacklisted sites, you’ll find lots of pages that will show if a site’s been blacklisted. No matter how innocuous a site, it could have been hacked and is being used to send spam. This happened to a site I used to help administer.
Many blacklists operate on a network level, so it’s not that they’re blocking those sites specifically, but blocking a whole range of IP addresses they happen to belong to, just because one host in that range is sending spam. If it sounds stupid, you are correct.
I’ve failed to receive OTP codes before. Sometimes by email, sometimes by text. Then later it can start working again. Very rarely, I’ll receive a much delayed code. My guess is that the problem exists on the sending side, and they’re just not getting out for some reason. Having it happen at two places makes me think that the problem is with a single third-party provider that both sites are using.
The problem diagnosing the issue is that it could be a breakdown anywhere between the exact server on the remote end you’re interacting with, and the exact device you’re using to view your email, plus the many ancillary services and devices that provide information to help move email from one end to the other. About all you can do is make sure the stuff close to you is working correctly.
By any chance, do you use a lesser-known email provider or a mail forwarding service? Many companies are using systems which filter emails sent to those kinds of email systems. It can be confusing for the end user because the company will let you setup an account with an email of “email@example.com” without any error, but they won’t actually send emails to “mailforward.com” because it’s a mail forwarding service. And you may get some of their emails but not others. It depends on how their internal systems route the emails to be sent. Promotional emails may be handled by a 3rd party company which doesn’t block domains, but the security code emails may go through a more stringent process which filters out certain domains. Their reasoning is that they want your actual email address rather than a scratch or alias email to mitigate scammers setting up multiple accounts.
That could explain it. I know Comcast uses some blocklists that ban ranges of IP addresses, instead of just the actual hosts that are generating spam. Some of those blocklists are also very slow at removing IP ranges.
For example, I’ve seen situations where email to Comcast sent over IPV4 works fine, but when using IPV6 it does not, because the exact same host sending the email has it’s IPV6 address in a bad range, but it’s IPV4 address is in a clean range.
No way to know for sure if this is what happened to you, or if it was something else.