Two different security confirmation codes failed to come through on my email today

Twice today, for two different sites, a 2-factor authorization code failed to come over my email. I asked each one to be re-sent several times. None of the messages ended up in my spam filter.

This has me a bit worried, neither of these was all that important (I was able to work around without accessing the sites) but what if it was something important like my bank? I have no idea how to check what, if anything, might be going wrong.

It’s possible both sites may be wonky. One was xstreet dot org, which had been sending me street cleaning reminders and suddenly stopped, and their screen covering that service doesn’t seem to be working. The other was Open Table, which also offered to send by text, which I received, but when I put the code in the screen immediately asked me for my email again. So maybe this is a coincidence (seems far-fetched, but who knows).

Opinions urgently sought. Thanks.

Are you receiving other emails?

Can you log into those sites and change your settings to send them as a text to your phone? Or is an option to pick a delivery option when they ask you where to send the message?

I’d be concerned that someone changed your contact information. Or as stated by Keeve that your email may be down, which seems more likely since the sites would appear to be unrelated.

Yes, sorry, forgot to mention that. I’ve had several other emails today.

I have to put in my email address in one case, in the other case I can see it before I click on Continue. They were correct both times.

Possibly both sites were blacklisted by your email provider or some intermediary provider. Seems unlikely that both sites would be so affected at the same time, but it’s possible.

They seem like pretty innocuous sites to have been blacklisted. I get reams of scam emails that come straight through (to my spam folder) without any problem.

edited to add: If there is a way for me to check on such possible blacklisted sites, it would be nice to know.

Google for identify blacklisted sites, you’ll find lots of pages that will show if a site’s been blacklisted. No matter how innocuous a site, it could have been hacked and is being used to send spam. This happened to a site I used to help administer.

I’ve had the opposite problem. Emails confirming security codes keep popping up in my inbox about inane stuff like restaurant reservations and when they’re going to clean the streets.

Many blacklists operate on a network level, so it’s not that they’re blocking those sites specifically, but blocking a whole range of IP addresses they happen to belong to, just because one host in that range is sending spam. If it sounds stupid, you are correct.

I’ve failed to receive OTP codes before. Sometimes by email, sometimes by text. Then later it can start working again. Very rarely, I’ll receive a much delayed code. My guess is that the problem exists on the sending side, and they’re just not getting out for some reason. Having it happen at two places makes me think that the problem is with a single third-party provider that both sites are using.

The problem diagnosing the issue is that it could be a breakdown anywhere between the exact server on the remote end you’re interacting with, and the exact device you’re using to view your email, plus the many ancillary services and devices that provide information to help move email from one end to the other. About all you can do is make sure the stuff close to you is working correctly.

By any chance, do you use a lesser-known email provider or a mail forwarding service? Many companies are using systems which filter emails sent to those kinds of email systems. It can be confusing for the end user because the company will let you setup an account with an email of “” without any error, but they won’t actually send emails to “” because it’s a mail forwarding service. And you may get some of their emails but not others. It depends on how their internal systems route the emails to be sent. Promotional emails may be handled by a 3rd party company which doesn’t block domains, but the security code emails may go through a more stringent process which filters out certain domains. Their reasoning is that they want your actual email address rather than a scratch or alias email to mitigate scammers setting up multiple accounts.

Thank you for this. I tried today to log into my investment account with has 2-step authorization, and it came through fine.


That could explain it. I know Comcast uses some blocklists that ban ranges of IP addresses, instead of just the actual hosts that are generating spam. Some of those blocklists are also very slow at removing IP ranges.

For example, I’ve seen situations where email to Comcast sent over IPV4 works fine, but when using IPV6 it does not, because the exact same host sending the email has it’s IPV6 address in a bad range, but it’s IPV4 address is in a clean range.

No way to know for sure if this is what happened to you, or if it was something else.