tiny plain-text string in body causes email to bounce back from some servers

A company with Comcast Small Business router and Godaddy package for email finds that SOME of their emails to SOME people bounce back with "return codes" (usually 554 or 550). The "return code 550" bouncebacks happen even when the addressees are people who have been emailed hundreds of times successfully.  Problem happens with webmail as well as mail clients (Outlook, Mac Mail with recommended server/port settings).  Recipients have checked their spam folders.

When they send to my yahoo acct, it always goes through.  When they send to my gmail acct, it bounces back to them SOMEtimes. Usually it's when other emails are forwarded/attached.  

After great trial and error I found that, in ONE case, if they send me a NEW email msg that contains nothing but the plain text string "believeadjust.us" in the body, it will go to my yahoo but bounce back from my gmail. (If they delete the first "b" it doesn't bounce back.)  The bounceback messages say:

Reporting-MTA: dns; p3plwbeout18-05.prod.phx3.secureserver.net []
Received-From-MTA: dns; localhost []
Arrival-Date: Sat, 07 Feb 2015 00:56:29 -0700

Final-recipient: rfc822; losersaysdoh@gmail.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;  550 5.7.1 more information. e10si13050465pds.193 - gsmtp
Last-attempt-Date: Sat, 07 Feb 2015 00:56:29 -0700

I also have full message headers from yahoo I can upload if nec.

Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
"believeadjust.us" is probably being considered a malicious web site address.  If that's the case, then all you can do is don't put that in your email.
Dave BaldwinFixer of ProblemsCommented:
"believeadjust.us" is listed in the DBL (Domain Block List) on Spamhaus http://www.spamhaus.org/query/domain/believeadjust.us  That's why the emails are bouncing when you include that text.
dgrrrAuthor Commented:
Does that explain what's happening here? Are you saying that if I refer by name to blocklisted site in an email, the email can get rejected? I've never heard of that.

Also, is there a way to search a document or email for such text?
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

dgrrrAuthor Commented:
And would a few email servers react like that to a phrase in such a way, and the rest not? Seems like GMAIL wouldn't be that vulnerable to that kind of thing. You could use this to sabotage documents, so they'd never get forwarded.
Dave BaldwinFixer of ProblemsCommented:
Yes.  Frankly, email is a mess.  Different servers do different things.  And it's not a matter of being 'vulnerable', it's a matter of the rules they use to scan email for problems.  You should realize that 80% or more of email is spam that never gets passed on by the mail servers.  If 'you' break their rules, your email gets rejected or just plain dumped.
dgrrrAuthor Commented:
At the end of a 4 hours chat with go daddy, the tech said that MXToolbox was unable to connect to some of the recipient email address (ones that are valid and in constant use), and that I needed to get all of these random email addresses and servers off of blacklists (that are intermittent)

But on further testing, that tool doesn't connect to ANY GMAIL ADDRESSES!

(1) Am I using that tool right? I.E. Go to mxtoolbox.com/diagnostic.apx, and pasting in the whole email address? It doesn't say anywhere its for email addresses, it just says servers. And it says a bunch of valid emails are bad. WTF?

(2) Is it a waste of time? Can a blacklist only apply some of the time? Every other email from person a to person b?

(3) I've made a list of all the mail servers listed in the NDR's,and all the sender and recipient email addresses involved. What do I do now? Contact all the domains, ask for whitelisting of all the email addresses.
Dave BaldwinFixer of ProblemsCommented:
1.  Yes, it is just for servers.

2.  Technically it is a Block List as in your email is blocked.  On large email servers, the email filter software doesn't always have the same lists on all the machine.  And each different server has it's own block list.  There really isn't any 'master' block list.

3.  As far as I know (and Gmail says this explicitly), you can not whitelist your email addresses on someone else's server.  Every email's content is scanned separately even when it comes from the same email address.

Your original post above says that you are being blocked for 'content', specifically the words "believeadjust.us".  You can't whitelist your content.  At all.  Anywhere.  My anti-virus will block content that is in it's block lists.
dgrrrAuthor Commented:
Thanks DB. I've confused things a bit on this page by discussing two diff probs, the specific "believeadjust.us" phenom, and the larger issue of my client not being able to send mails (sometimes) to about 15 industry colleages.

But I fiinally wsa able to sit at her desk and use mac mail to display the headers, in full, of the "believe adjust.us" mails:

      From:       Firstname Lastname <******.*****.com>
      Subject:       contains phrase
      Date:       February 11, 2015 12:31:55 AM PST
      To:       <*****@yahoo.com>
      Cc:       <******@gmail.com>
      X-Spam-Cmae:       v=2.1 cv=ZeGTN6lA c=1 sm=1 tr=0 p=cID9LFI6AAAA:8 a=naB2BCbaJ9Eq8U3whXKdZw==:117 a=naB2BCbaJ9Eq8U3whXKdZw==:17 a=TZb1taSUAAAA:8 a=E1P78B39AAAA:8 a=FET0fiAFXxfquXtmqXMA:9 a=8ACy7X37OUdJvLyn:21 a=ZnpFFi6dliDsguFF:21 a=CjuIK1q_8ugA:10 a=MDelWGONZl8A:10 a=pKq1ibsGsj0A:10 a=l4Fz4kFV6kMA:10 a=8JMbB6Wc3gMA:10 a=EtMeagz1OWEA:10 a=X1WmsetFAAAA:20 a=mlkOrGLNAgnqMg1pHs8A:9 a=Wnlcm3z8AF2qtV-J:21 a=RQaohEBp8KolmS8x:21 a=ATGJaemb7jEZhHaC:21 a=_W_S_7VecoQA:10
      X-Spam-Account:       *****.*****.com
      X-Spam-Domain:       *****.com
      Content-Type:       multipart/alternative; boundary="Apple-Mail=_85F9FA4C-0D85-41A7-9134-9994878A9FC6"
      Message-Id:       <A46D3456-E8E0-4BA7-A99E-C78A6CCAFF64@***************.com>
      Mime-Version:       1.0 (Apple Message framework v1283)
      X-Mailer:       Apple Mail (2.1283)


From: Mail Delivery System
Subject: Delivery Status Notification
Date: February 11, 2015 12:31:58 AM PST
To: ********@*************.com
Received: (qmail 3209 invoked by uid 30297); 11 Feb 2015 08:31:58 -0000
Received: from unknown (HELO p3plibsmtp03-06.prod.phx3.secureserver.net) ([]) (envelope-sender <>) by p3plsmtp18-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP for <******@******.com>; 11 Feb 2015 08:31:58 -0000
Received: from p3plsmtpa07-08.prod.phx3.secureserver.net ([]) by p3plibsmtp03-06.prod.phx3.secureserver.net with bizsmtp id qwXg1p00s57mpet01wXyi3; Wed, 11 Feb 2015 01:31:58 -0700
Mime-Version: 1.0
Content-Type: multipart/report; boundary="------------I305M09060309060P_989014236435180"
X-Nonspam: None

[Return Code 550] sid: qwXw1p00E3DgBUa01 :: 5.7.1 more information. ru7si1240641igb.56 - gsmtp
Dave BaldwinFixer of ProblemsCommented:
"believeadjust.us" is a content problem and you can not 'whitelist' it away.  If that phrase is on a Block List or anti-virus list, it will simply be blocked.  There is nothing you can do about that unless that is your domain and you can submit a request to have it removed.  Even so, it is impossible to tell how long that would take.

As for the other problems, you will have to get the NDRs and see why they are being bounced.  Only then can you figure out what to do.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dgrrrAuthor Commented:
I see so the "believeadjust.us" bounces are not really relevant in to the issue of the other emails being blocked for unknown reasons.... I thought they might be related.

They still might be -- Most of the returned mails are forwards of forwards of forwards.  But you're suggesting I may need to deal with each separate NDR, yes?
dgrrrAuthor Commented:
But I'm still looking for a confirmation that the "believeadjust.us" emails are being returned because it's blacklisted content. I'm just ASSUMING that.  The codes could suggest it's some other issue that IS related to the others (even tho it's TRIGGERED  by the phrase.)
Dave BaldwinFixer of ProblemsCommented:
The fact that the emails bounce when they contain "believeadjust.us" and don't bounce if you change even one letter would be more than enough proof for me.

It is not unusual for "forwards of forwards of forwards" to set off spam filters.  You will have to look at the NDRs to see what the reasons are.  It is possible that they have a common problem... but you won't know until you look at them.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.