I never followed up on this, sorry. We reached out to BD about it soon after the OP made this topic and BD said it was a false positive on their end and they removed the label from that domain. At about that time we stopped getting reports of issues from AT&T users.
Maybe AT&T gets a list of suspicious domains from BD? Or maybe somewhere that domain has been mistakenly flagged and that flag pops up on various ISP’s lists of suspicious domains?