tiny plain-text string in body causes email to bounce back from some servers

Posted on 2015-02-07
Last Modified: 2015-04-03
A company with a Comcast Small Business router and GoDaddy package for email finds that SOME of their emails to SOME people bounce back with "return codes" (usually 554 or 550). The "return code 550" bouncebacks happen even when the addressees are people who have been emailed hundreds of times successfully. Problem happens with webmail as well as mail clients (Outlook, Mac Mail with recommended server/port settings). Recipients have checked their spam folders.

When they send to my yahoo acct, it always goes through.  When they send to my gmail acct, it bounces back to them SOMEtimes. Usually it's when other emails are forwarded/attached.  

After great trial and error I found that, in ONE case, if they send me a NEW email msg that contains nothing but the plain text string "" in the body, it will go to my yahoo but bounce back from my gmail. (If they delete the first "b" it doesn't bounce back.)  The bounceback messages say:

Reporting-MTA: dns; []
Received-From-MTA: dns; localhost []
Arrival-Date: Sat, 07 Feb 2015 00:56:29 -0700

Final-recipient: rfc822;
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;  550 5.7.1 more information. e10si13050465pds.193 - gsmtp
Last-attempt-Date: Sat, 07 Feb 2015 00:56:29 -0700

I also have full message headers from yahoo I can upload if nec.

Any ideas?
Question by:dgrrr

Expert Comment

by:Dave Baldwin
ID: 40595375
"" is probably being considered a malicious web site address.  If that's the case, then all you can do is don't put that in your email.

Expert Comment

by:Dave Baldwin
ID: 40595471
"" is listed in the DBL (Domain Block List) on Spamhaus. That's why the emails are bouncing when you include that text.

Author Comment

ID: 40595522
Does that explain what's happening here? Are you saying that if I refer by name to blocklisted site in an email, the email can get rejected? I've never heard of that.

Also, is there a way to search a document or email for such text?
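One way to search an email for such text, as an added example that is not part of the original thread: it pulls domain-like strings out of the message body and looks each one up in the Spamhaus DBL using the DNS convention `<domain>.dbl.spamhaus.org`. The sample message, the `.example` domains and the stub resolver are constructed so the code runs offline; a hit shows a likely trigger, while each receiving server still applies its own rules.

```python
import re
import socket
from email import message_from_string, policy

DBL_ZONE = "dbl.spamhaus.org"
# Hostname-like tokens: dot-separated labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b", re.I)

def body_text(raw_email):
    """Concatenate the text/* parts of a raw message (headers are ignored)."""
    msg = message_from_string(raw_email, policy=policy.default)
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")

def extract_domains(text):
    """Unique domain-like tokens, lowercased, in order of first appearance."""
    return list(dict.fromkeys(m.group(1).lower() for m in DOMAIN_RE.finditer(text)))

def dbl_code(domain, resolve=socket.gethostbyname):
    """Return the 127.0.1.x listing code for domain, or None if not listed."""
    try:
        answer = resolve(f"{domain}.{DBL_ZONE}")
    except socket.gaierror:          # NXDOMAIN or failed lookup: no listing seen
        return None
    # 127.255.255.x is an error reply (e.g. query refused), not a listing.
    return answer if answer.startswith("127.0.1.") else None

def scan_email(raw_email, resolve=socket.gethostbyname):
    """Map each listed domain found in the body to its DBL return code."""
    hits = {}
    for domain in extract_domains(body_text(raw_email)):
        code = dbl_code(domain, resolve)
        if code:
            hits[domain] = code
    return hits

# Constructed sample message and stub resolver (assumptions, not real data).
SAMPLE = ("From: sender@client.example\nTo: rcpt@mail.example\n"
          "Subject: contains phrase\n\n"
          "Please see listed.example and clean.example before Friday.\n")

def stub_resolve(name):
    table = {"listed.example.dbl.spamhaus.org": "127.0.1.2",
             "refused.example.dbl.spamhaus.org": "127.255.255.254"}
    if name not in table:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return table[name]

if __name__ == "__main__":
    print(scan_email(SAMPLE, stub_resolve))
```

Calling `scan_email(raw)` without the stub performs live DNS lookups through the system resolver.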

Author Comment

ID: 40595523
And would a few email servers react like that to a phrase in such a way, and the rest not? Seems like GMAIL wouldn't be that vulnerable to that kind of thing. You could use this to sabotage documents, so they'd never get forwarded.

Expert Comment

by:Dave Baldwin
ID: 40595536
Yes.  Frankly, email is a mess.  Different servers do different things.  And it's not a matter of being 'vulnerable', it's a matter of the rules they use to scan email for problems.  You should realize that 80% or more of email is spam that never gets passed on by the mail servers.  If 'you' break their rules, your email gets rejected or just plain dumped.

Author Comment

ID: 40602512
At the end of a 4-hour chat with GoDaddy, the tech said that MXToolbox was unable to connect to some of the recipient email addresses (ones that are valid and in constant use), and that I needed to get all of these random email addresses and servers off of blacklists (that are intermittent).

But on further testing, that tool doesn't connect to ANY GMAIL ADDRESSES!

(1) Am I using that tool right? I.e., going to, and pasting in the whole email address? It doesn't say anywhere it's for email addresses, it just says servers. And it says a bunch of valid emails are bad. WTF?

(2) Is it a waste of time? Can a blacklist only apply some of the time? Every other email from person a to person b?

(3) I've made a list of all the mail servers listed in the NDRs, and all the sender and recipient email addresses involved. What do I do now? Contact all the domains, ask for whitelisting of all the email addresses?

Expert Comment

by:Dave Baldwin
ID: 40602552
1.  Yes, it is just for servers.

2.  Technically it is a Block List as in your email is blocked.  On large email servers, the email filter software doesn't always have the same lists on all the machines.  And each different server has its own block list.  There really isn't any 'master' block list.

3.  As far as I know (and Gmail says this explicitly), you cannot whitelist your email addresses on someone else's server.  Every email's content is scanned separately even when it comes from the same email address.

Your original post above says that you are being blocked for 'content', specifically the words "".  You can't whitelist your content.  At all.  Anywhere.  My anti-virus will block content that is in its block lists.

Author Comment

ID: 40602642
Thanks DB. I've confused things a bit on this page by discussing two diff probs, the specific "" phenom, and the larger issue of my client not being able to send mails (sometimes) to about 15 industry colleagues.

But I finally was able to sit at her desk and use Mac Mail to display the headers, in full, of the "believe" mails:

      From:       Firstname Lastname <******.*****.com>
      Subject:       contains phrase
      Date:       February 11, 2015 12:31:55 AM PST
      To:       <*****>
      Cc:       <******>
      X-Spam-Cmae:       v=2.1 cv=ZeGTN6lA c=1 sm=1 tr=0 p=cID9LFI6AAAA:8 a=naB2BCbaJ9Eq8U3whXKdZw==:117 a=naB2BCbaJ9Eq8U3whXKdZw==:17 a=TZb1taSUAAAA:8 a=E1P78B39AAAA:8 a=FET0fiAFXxfquXtmqXMA:9 a=8ACy7X37OUdJvLyn:21 a=ZnpFFi6dliDsguFF:21 a=CjuIK1q_8ugA:10 a=MDelWGONZl8A:10 a=pKq1ibsGsj0A:10 a=l4Fz4kFV6kMA:10 a=8JMbB6Wc3gMA:10 a=EtMeagz1OWEA:10 a=X1WmsetFAAAA:20 a=mlkOrGLNAgnqMg1pHs8A:9 a=Wnlcm3z8AF2qtV-J:21 a=RQaohEBp8KolmS8x:21 a=ATGJaemb7jEZhHaC:21 a=_W_S_7VecoQA:10
      X-Spam-Account:       *****.*****.com
      X-Spam-Domain:       *****.com
      Content-Type:       multipart/alternative; boundary="Apple-Mail=_85F9FA4C-0D85-41A7-9134-9994878A9FC6"
      Message-Id:       <A46D3456-E8E0-4BA7-A99E-C78A6CCAFF64@***************.com>
      Mime-Version:       1.0 (Apple Message framework v1283)
      X-Mailer:       Apple Mail (2.1283)


From: Mail Delivery System
Subject: Delivery Status Notification
Date: February 11, 2015 12:31:58 AM PST
To: ********@*************.com
Received: (qmail 3209 invoked by uid 30297); 11 Feb 2015 08:31:58 -0000
Received: from unknown (HELO ([]) (envelope-sender <>) by (qmail-1.03) with SMTP for <******@******.com>; 11 Feb 2015 08:31:58 -0000
Received: from ([]) by with bizsmtp id qwXg1p00s57mpet01wXyi3; Wed, 11 Feb 2015 01:31:58 -0700
Mime-Version: 1.0
Content-Type: multipart/report; boundary="------------I305M09060309060P_989014236435180"
X-Nonspam: None

[Return Code 550] sid: qwXw1p00E3DgBUa01 :: 5.7.1 more information. ru7si1240641igb.56 - gsmtp

Accepted Solution

Dave Baldwin earned 500 total points
ID: 40602703
"" is a content problem and you cannot 'whitelist' it away.  If that phrase is on a Block List or anti-virus list, it will simply be blocked.  There is nothing you can do about that unless that is your domain and you can submit a request to have it removed.  Even so, it is impossible to tell how long that would take.

As for the other problems, you will have to get the NDRs and see why they are being bounced.  Only then can you figure out what to do.

Author Comment

ID: 40604986
I see, so the "" bounces are not really relevant to the issue of the other emails being blocked for unknown reasons.... I thought they might be related.

They still might be -- Most of the returned mails are forwards of forwards of forwards.  But you're suggesting I may need to deal with each separate NDR, yes?

Author Comment

ID: 40604988
But I'm still looking for a confirmation that the "" emails are being returned because it's blacklisted content. I'm just ASSUMING that.  The codes could suggest it's some other issue that IS related to the others (even tho it's TRIGGERED  by the phrase.)

Expert Comment

by:Dave Baldwin
ID: 40605119
The fact that the emails bounce when they contain "" and don't bounce if you change even one letter would be more than enough proof for me.

It is not unusual for "forwards of forwards of forwards" to set off spam filters.  You will have to look at the NDRs to see what the reasons are.  It is possible that they have a common problem... but you won't know until you look at them.
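A sketch of the NDR triage recommended in this thread, as an added example that is not part of the original posts: it reads the delivery-status fields of each bounce, pulls the remote server's reply out of Diagnostic-Code, and flags cases like the one quoted in the question, where the sender's MTA reports Status 5.1.1 but the remote reply carries 5.7.1. The sample NDR is constructed with placeholder hosts and addresses.

```python
import re
from collections import Counter
from email.parser import HeaderParser

# Enhanced status codes (RFC 3463) that appear in this thread's bounces.
MEANING = {
    "5.1.1": "bad destination mailbox address",
    "5.7.1": "delivery not authorized, message refused (policy/content)",
}
DIAG_RE = re.compile(r"smtp;\s*(\d{3})[ -]*(\d\.\d{1,3}\.\d{1,3})?", re.I)

def parse_ndr(text):
    """Parse delivery-status text into one dict per recipient block."""
    results = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = HeaderParser().parsestr(block)
        if "Final-Recipient" not in fields:   # per-message block, no recipient
            continue
        m = DIAG_RE.search(fields.get("Diagnostic-Code", ""))
        remote = m.group(2) if m else None    # code the remote server sent
        local = (fields.get("Status") or "").strip()  # code the sender's MTA set
        results.append({
            "recipient": fields["Final-Recipient"].split(";", 1)[-1].strip(),
            "smtp_code": m.group(1) if m else None,
            "local_status": local,
            "remote_status": remote,
            "mismatch": bool(remote) and remote != local,
            "reason": MEANING.get(remote or local, "unclassified"),
        })
    return results

def summarize(ndr_texts):
    """Count bounces per effective status (remote reply preferred)."""
    return Counter(r["remote_status"] or r["local_status"]
                   for t in ndr_texts for r in parse_ndr(t))

# Constructed NDR in the shape of the bounce quoted in the question.
SAMPLE_NDR = """\
Reporting-MTA: dns; mta.sender.example
Arrival-Date: Sat, 07 Feb 2015 00:56:29 -0700

Final-recipient: rfc822; rcpt@mail.example
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;  550 5.7.1 more information. - gsmtp
"""

if __name__ == "__main__":
    print(parse_ndr(SAMPLE_NDR), summarize([SAMPLE_NDR]))
```

Running `summarize` over all the collected NDRs shows whether the bounces share one cause or fall into separate groups such as bad addresses and policy rejections.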
