Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

tiny plain-text string in body causes email to bounce back from some servers

Posted on 2015-02-07
12
Medium Priority
?
169 Views
Last Modified: 2015-04-03
A company with Comcast Small Business router and Godaddy package for email finds that SOME of their emails to SOME people bounce back with "return codes" (usually 554 or 550). The "return code 550" bouncebacks happen even when the addressees are people who have been emailed hundreds of times successfully.  Problem happens with webmail as well as mail clients (Outlook, Mac Mail with recommended server/port settings).  Recipients have checked their spam folders.

When they send to my yahoo acct, it always goes through.  When they send to my gmail acct, it bounces back to them SOMEtimes. Usually it's when other emails are forwarded/attached.  

After great trial and error I found that, in ONE case, if they send me a NEW email msg that contains nothing but the plain text string "believeadjust.us" in the body, it will go to my yahoo but bounce back from my gmail. (If they delete the first "b" it doesn't bounce back.)  The bounceback messages say:

---------------------
Reporting-MTA: dns; p3plwbeout18-05.prod.phx3.secureserver.net [173.201.193.190]
Received-From-MTA: dns; localhost [173.201.193.243]
Arrival-Date: Sat, 07 Feb 2015 00:56:29 -0700


Final-recipient: rfc822; losersaysdoh@gmail.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;  550 5.7.1 more information. e10si13050465pds.193 - gsmtp
Last-attempt-Date: Sat, 07 Feb 2015 00:56:29 -0700
---------------------

I also have full message headers from yahoo I can upload if nec.

Any ideas?
0
Comment
Question by:dgrrr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40595375
"believeadjust.us" is probably being considered a malicious web site address.  If that's the case, then all you can do is don't put that in your email.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40595471
"believeadjust.us" is listed in the DBL (Domain Block List) on Spamhaus http://www.spamhaus.org/query/domain/believeadjust.us  That's why the emails are bouncing when you include that text.
0
 

Author Comment

by:dgrrr
ID: 40595522
Does that explain what's happening here? Are you saying that if I refer by name to blocklisted site in an email, the email can get rejected? I've never heard of that.

Also, is there a way to search a document or email for such text?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:dgrrr
ID: 40595523
And would a few email servers react like that to a phrase in such a way, and the rest not? Seems like GMAIL wouldn't be that vulnerable to that kind of thing. You could use this to sabotage documents, so they'd never get forwarded.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40595536
Yes.  Frankly, email is a mess.  Different servers do different things.  And it's not a matter of being 'vulnerable', it's a matter of the rules they use to scan email for problems.  You should realize that 80% or more of email is spam that never gets passed on by the mail servers.  If 'you' break their rules, your email gets rejected or just plain dumped.
0
 

Author Comment

by:dgrrr
ID: 40602512
At the end of a 4 hours chat with go daddy, the tech said that MXToolbox was unable to connect to some of the recipient email address (ones that are valid and in constant use), and that I needed to get all of these random email addresses and servers off of blacklists (that are intermittent)

But on further testing, that tool doesn't connect to ANY GMAIL ADDRESSES!

(1) Am I using that tool right? I.E. Go to mxtoolbox.com/diagnostic.apx, and pasting in the whole email address? It doesn't say anywhere its for email addresses, it just says servers. And it says a bunch of valid emails are bad. WTF?

(2) Is it a waste of time? Can a blacklist only apply some of the time? Every other email from person a to person b?

(3) I've made a list of all the mail servers listed in the NDR's,and all the sender and recipient email addresses involved. What do I do now? Contact all the domains, ask for whitelisting of all the email addresses.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40602552
1.  Yes, it is just for servers.

2.  Technically it is a Block List as in your email is blocked.  On large email servers, the email filter software doesn't always have the same lists on all the machine.  And each different server has it's own block list.  There really isn't any 'master' block list.

3.  As far as I know (and Gmail says this explicitly), you can not whitelist your email addresses on someone else's server.  Every email's content is scanned separately even when it comes from the same email address.

Your original post above says that you are being blocked for 'content', specifically the words "believeadjust.us".  You can't whitelist your content.  At all.  Anywhere.  My anti-virus will block content that is in it's block lists.
0
 

Author Comment

by:dgrrr
ID: 40602642
Thanks DB. I've confused things a bit on this page by discussing two diff probs, the specific "believeadjust.us" phenom, and the larger issue of my client not being able to send mails (sometimes) to about 15 industry colleages.

But I fiinally wsa able to sit at her desk and use mac mail to display the headers, in full, of the "believe adjust.us" mails:
_____
ORIGINAL MESSAGE FULL HEADER


      From:       Firstname Lastname <******.*****.com>
      Subject:       contains phrase
      Date:       February 11, 2015 12:31:55 AM PST
      To:       <*****@yahoo.com>
      Cc:       <******@gmail.com>
      X-Spam-Cmae:       v=2.1 cv=ZeGTN6lA c=1 sm=1 tr=0 p=cID9LFI6AAAA:8 a=naB2BCbaJ9Eq8U3whXKdZw==:117 a=naB2BCbaJ9Eq8U3whXKdZw==:17 a=TZb1taSUAAAA:8 a=E1P78B39AAAA:8 a=FET0fiAFXxfquXtmqXMA:9 a=8ACy7X37OUdJvLyn:21 a=ZnpFFi6dliDsguFF:21 a=CjuIK1q_8ugA:10 a=MDelWGONZl8A:10 a=pKq1ibsGsj0A:10 a=l4Fz4kFV6kMA:10 a=8JMbB6Wc3gMA:10 a=EtMeagz1OWEA:10 a=X1WmsetFAAAA:20 a=mlkOrGLNAgnqMg1pHs8A:9 a=Wnlcm3z8AF2qtV-J:21 a=RQaohEBp8KolmS8x:21 a=ATGJaemb7jEZhHaC:21 a=_W_S_7VecoQA:10
      X-Spam-Account:       *****.*****.com
      X-Spam-Domain:       *****.com
      Content-Type:       multipart/alternative; boundary="Apple-Mail=_85F9FA4C-0D85-41A7-9134-9994878A9FC6"
      Message-Id:       <A46D3456-E8E0-4BA7-A99E-C78A6CCAFF64@***************.com>
      Mime-Version:       1.0 (Apple Message framework v1283)
      X-Mailer:       Apple Mail (2.1283)
_______

SUBSEQUENT NDR FULL  HEADERS

From: Mail Delivery System
Subject: Delivery Status Notification
Date: February 11, 2015 12:31:58 AM PST
To: ********@*************.com
Received: (qmail 3209 invoked by uid 30297); 11 Feb 2015 08:31:58 -0000
Received: from unknown (HELO p3plibsmtp03-06.prod.phx3.secureserver.net) ([68.178.213.105]) (envelope-sender <>) by p3plsmtp18-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP for <******@******.com>; 11 Feb 2015 08:31:58 -0000
Received: from p3plsmtpa07-08.prod.phx3.secureserver.net ([173.201.192.237]) by p3plibsmtp03-06.prod.phx3.secureserver.net with bizsmtp id qwXg1p00s57mpet01wXyi3; Wed, 11 Feb 2015 01:31:58 -0700
Mime-Version: 1.0
Content-Type: multipart/report; boundary="------------I305M09060309060P_989014236435180"
X-Nonspam: None


[Return Code 550] sid: qwXw1p00E3DgBUa01 :: 5.7.1 more information. ru7si1240641igb.56 - gsmtp
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40602703
"believeadjust.us" is a content problem and you can not 'whitelist' it away.  If that phrase is on a Block List or anti-virus list, it will simply be blocked.  There is nothing you can do about that unless that is your domain and you can submit a request to have it removed.  Even so, it is impossible to tell how long that would take.

As for the other problems, you will have to get the NDRs and see why they are being bounced.  Only then can you figure out what to do.
0
 

Author Comment

by:dgrrr
ID: 40604986
I see so the "believeadjust.us" bounces are not really relevant in to the issue of the other emails being blocked for unknown reasons.... I thought they might be related.

They still might be -- Most of the returned mails are forwards of forwards of forwards.  But you're suggesting I may need to deal with each separate NDR, yes?
0
 

Author Comment

by:dgrrr
ID: 40604988
But I'm still looking for a confirmation that the "believeadjust.us" emails are being returned because it's blacklisted content. I'm just ASSUMING that.  The codes could suggest it's some other issue that IS related to the others (even tho it's TRIGGERED  by the phrase.)
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40605119
The fact that the emails bounce when they contain "believeadjust.us" and don't bounce if you change even one letter would be more than enough proof for me.

It is not unusual for "forwards of forwards of forwards" to set off spam filters.  You will have to look at the NDRs to see what the reasons are.  It is possible that they have a common problem... but you won't know until you look at them.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question