A rule to reject emails from relay services

They pass DKIM but the text in the message doesn’t match the domain they are sent from.

I deal with dozens of spoofers each day imitating Network Solutions. I’d rather they go directly to spam. Because they use new addresses all the time and Network Solutions identifiers are usually image files, they don’t have much in common with each other.

Two of the latest emails I analyzed with ChatGPT show they use relaying from the same relay services.

Can I set up a rule to reject these services?

First email path

Trend Micro → Vadesecure → Netsol → mailbox

Second email path

Vadesecure → Netsol → mailbox

Both routed through:

  • Vadesecure
  • Trend Micro
  • Netsol mail infrastructure

This indicates:

  • external sender
  • scanned and relayed
  • not originating from a trusted system

SpamSieve should be able to learn to automatically recognize these from the headers if they’re using the same services (or perhaps based on the similar images) even if the other content is different.

But it might also be possible for you to create blocklist rules to match them. Perhaps there’s something unique in the Received header? Rules can only match one header at a time, though, so it might not be possible to match a particular sequence of routing.

The common thing seems to be these email relay services, Vadesecure and Trend Micro. I’m not sure how I can make a rule to mark these as spam because these are indicated deep in the full headers. Strangely, they seem to be legitimate companies that exist to prevent phishing and spoofing scams in email.

Which header are they in? Could you post an example?
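To see which Received headers name each relay, and whether a particular routing sequence is present across them, the raw source of a message can be inspected outside the mail client. The script below is an added example, not part of the thread and not SpamSieve functionality; the sample message is constructed, and its `.example` hostnames are placeholders for whatever the real headers contain.

```python
import re
from email import message_from_string

# Constructed sample: hostnames are placeholders, not the real relay hosts.
RAW = """\
Received: from mx.netsol.example (mx.netsol.example [192.0.2.30])
\tby mailbox.netsol.example with ESMTP id C3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from filter.vadesecure.example (filter.vadesecure.example [192.0.2.20])
\tby mx.netsol.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from scan.trendmicro.example (scan.trendmicro.example [192.0.2.10])
\tby filter.vadesecure.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:01 +0000
From: "Billing" <notice@sender.example>
Subject: Constructed sample

body
"""

# One Received header records one hop: "from <sender> ... by <receiver>".
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def relay_path(raw):
    """Return the hostnames the message passed through, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its header, so the newest hop is at the top.
    # Only headers added by your own provider are trustworthy; anything
    # written by outside servers earlier in the chain can be forged.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    if not hops:
        return []
    return [hops[0][0]] + [by for _, by in hops]


def path_matches(path, sequence):
    """True if every name in `sequence` occurs in `path` hostnames, in order."""
    remaining = iter(path)
    return all(any(name in host for host in remaining) for name in sequence)


if __name__ == "__main__":
    path = relay_path(RAW)
    print(" -> ".join(path))
    print(path_matches(path, ["trendmicro", "vadesecure", "netsol"]))
```

Running it on a saved message shows at a glance which single Received header mentions each service, which is the information a one-header-at-a-time rule would need.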