"I finally talked to someone who knows what the problem is. Your sbl sites have been blocked by the standard DNS forwarders supplied by ATT. This is due to the workload being generated on them from mailservers."
Duh! This is really dumb.
It's not dumb at all. DNSBLs are using the DNS to do general purpose database lookups instead of using a generic database lookup protocol like LDAP. It's not surprising that this sort of ugly hack has unintended side effects. After all, people who build DNS infrastructure intend it to be used to for generic DNS translations, not generic database lookups. Funny thing is that most mailer software that uses DNSBLs also supports LDAP database lookups so there is really no good reason why DNSBLs exist in the first place. IMHO, the DNSBL experiment has proved the usefulness of having a variety of blacklist/whitelist/greylist databases for mail servers to query. It's high time that folks shift these databases onto a protocol that does not interfere with the Internet's critical DNS systems and I believe that LDAP is that protocol. --Michael Dillon