Creating a rule in Apple Mail designed to block the spammer's domain

Question

Level 1

24 points

Creating a rule in Apple Mail designed to block the spammer's domain

My question concerns rules in Apple Mail. I grasp the use of the rules settings to catch spam. However, the rule is usually established to block the email name of the spammer and the domain. So if the spammer merely changes the email name, then the spam plugs through. However, is it possible to block the domain? I believe the process might be to delete the name to the left of the @ and the remainder of the address is the domain. Any thoughts would be greatly appreciated.

Posted on Feb 8, 2023 7:15 AM

Reply

Answer 1

Top-ranking reply

VikingOSX

Community+ 2024

Level 10

116,639 points

Feb 8, 2023 8:09 AM in response to MeisterFritz

Some spammers own their own Mail servers and many more utilize accounts on commercial mail servers. In either case, the spammer is not restricted to using the same domain name in their From header address, and frequently rotate that information to avoid mail rules and for different spam campaigns.

Ordinarily, and this is primarily from accounts on commercial email servers, one address that does not change is the header field named Return-Path, which incorporates the account information and the mail server's address. This is typically a static address that you can filter until the commercial server boots the spammer, or a new account is created. I have recently received spam email where it would appear the spammer owns their own mail server and the return path was set to <> (which you can also filter out).

Select one email message that you want to filter in Apple Mail. Visit the Rules in Mail preferences and click Add Rule. You can arbitrarily name it "Mail Server Return Paths" By default the new rule will show the following:

You already have changed the Description field. Click on the From selector and at the bottom of that long secondary menu, you will see Edit header list… Click that entry, and add [+] this exact spelling:

Return-Path

You will then see the following and click OK:

When you next click on that From selector, you will now see Return-Path available on the secondary menu in the same section as the From header field. Choose Return-Path. With the middle selector still set at contains, the editable field to the right will now auto-populate with the Return-Path address of the mail server used by the spammer. You can move around in that text field with your arrow keys and backspace to remove anything (including the <> characters) but the mail server's domain name. If the mail server Return-Path address were:

<bounce_diacffn_m-someone=fictitious.com@cp20.com>

You would edit this to:

cp20.com

And to finish the rule, you would set:

Move message to mailbox: Trash

When you click OK, the rule will pop a dialog to apply it, and when you do, it will Trash the currently selected email with that Return-Path and all future incoming emails whose Return-Path header contains cp20.com (as an example).

Reply

Answer 2

MeisterFritz Author

Level 1

24 points

Feb 8, 2023 12:05 PM in response to MeisterFritz

Excellent example and directions. I tried it on an old spam email that I discovered. I want to make sure that the ONLY characters remaining were those to the RIGHT of the @ key.

Your directions were well written and your organization is superior. Wish I had asked for this solution years ago.

Reply

Answer 3

Feb 8, 2023 12:15 PM in response to MeisterFritz

It is the solution that I use. The Return-Path addresses can be dauntingly long but as long as you edit them down to just the spammer's email domain the solution should continue to work. Eventually, you may get spam from the same spammer using a different mail server, but this is far less frequent and manageable.

There is also SpamSieve for a paid, third-party solution, though I have no experience with it.

Reply

Creating a rule in Apple Mail designed to block the spammer's domain

Similar questions