Blocking using firewall rules and string matching is, in general, a horrible solution IMHO. It may work with http/https but little else. It can work with DNS but then you should not restrict the protocol to TCP, and you may want to block the INPUT chain. Then you get all the attendant problems of DNS tunnelling like DoH.
Better is the RPZ solution which still has DNS bypass issues but is easier than the firewall and less prone to false positives (the firewall rule above will block plain-text emails containing the block-me.com string anywhere in the body if mail is sent unencrypted), but there is no perfect solution.
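An added example (not the commenter's code, and not taken from the thread) that contrasts the two approaches. The firewall rule the comment refers to is not on this page, so it is modelled here as a plain byte-substring test of the kind `iptables -m string --string "block-me.com"` performs; that modelling, the RPZ zone content, the mail fragment and the function names are all assumptions made for this illustration. The zone itself uses real BIND RPZ syntax (`CNAME .` answers NXDOMAIN, `CNAME *.` answers NODATA, `CNAME rpz-passthru.` lets the real answer through), and the lookup is a simplified model of the QNAME trigger only, not a resolver.

```python
# Constructed RPZ zone in BIND's RPZ syntax. The rdata of each CNAME trigger
# selects the action: "." => NXDOMAIN, "*." => NODATA, "rpz-passthru." => allow.
RPZ_ZONE = """\
$TTL 300
@ IN SOA localhost. root.localhost. 1 3600 600 86400 300
@ IN NS localhost.
block-me.com        IN CNAME .
*.block-me.com      IN CNAME .
ok.block-me.com     IN CNAME rpz-passthru.
"""

ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}


def parse_rpz(zone_text):
    """Return {owner_name: action} for the CNAME QNAME triggers in the zone."""
    policy = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        if not line or line.startswith(("$", "@")):   # directives, SOA, NS
            continue
        parts = line.split()
        if "CNAME" not in parts:
            continue
        owner = parts[0].lower().rstrip(".")
        rdata = parts[parts.index("CNAME") + 1]
        policy[owner] = ACTIONS.get(rdata, "CNAME " + rdata)
    return policy


def rpz_lookup(qname, policy):
    """Model the RPZ QNAME trigger: exact owner first, then wildcard parents.
    Only the queried name is consulted, never arbitrary packet contents."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None


def firewall_string_match(payload, needle=b"block-me.com"):
    """Model of a payload string match (assumed: iptables -m string --string):
    a byte substring test with no idea which protocol the bytes belong to."""
    return needle in payload


def dns_wire_qname(name):
    """Encode a QNAME as it appears on the wire: length-prefixed labels, no dots."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"


# Constructed, unencrypted SMTP DATA fragment that merely mentions the domain.
SMTP_PAYLOAD = (
    b"From: alice@example.org\r\nTo: bob@example.net\r\n"
    b"Subject: heads up\r\n\r\n"
    b"Do not visit block-me.com, it is on the blocklist.\r\n.\r\n"
)


if __name__ == "__main__":
    pol = parse_rpz(RPZ_ZONE)
    print("RPZ www.block-me.com      ->", rpz_lookup("www.block-me.com", pol))
    print("RPZ ok.block-me.com       ->", rpz_lookup("ok.block-me.com", pol))
    print("RPZ block-me.com.example.net ->", rpz_lookup("block-me.com.example.net", pol))
    print("string match on mail body ->", firewall_string_match(SMTP_PAYLOAD))
    print("string match on DNS query ->", firewall_string_match(dns_wire_qname("block-me.com")))
```

Two things the run makes visible: the mail body trips the string match even though no one resolved block-me.com, while the RPZ ignores it because there was no query; and an ASCII string match does not even see a real DNS query for the domain, because on the wire the name is `\x08block-me\x03com\x00` with length bytes where the dots would be (a hex pattern rather than a dotted string would be needed for that).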