It appears that this is due to hostgator foolishly filtering based on the EHLO on the (authenticated) submission port. Providers do need to have things in place in case of stolen credentials, but dumping mail because of:
EHLO [127.0.0.1]
isn’t anywhere in the range of “best current practices” when handling authenticated submission.