Is there a way to train SpamSieve to block a domain?

I’ve recently been receiving several fake company emails a day from verbose email accounts like FwHrFXNswMSaLUjVgKobXmpeVmA.izoFp7oprzpWlhRfZfSoiN@xpw0zr9.onmicrosoft.com. The domain “onmicrosoft.com” is the one common factor in all of these email accounts.

I’ve been applying “Train as Spam” to these emails, but they keep appearing in my Inbox. Is there a way I can get SpamSieve to recognize all emails from the “onmicrosoft.com” domain as spam? If not, I’ll set up an Inbox Rule to send them straight to the Trash.

Yes, you could go to SpamSieve’s Blocklist window and make a rule like:

From (address) Ends With .onmicrosoft.com

1 Like

Also, since I know Ward is a KM user, on a non-drone machine, use this:

This will create a blocklist rule for the whole address rather than the domain.

Interesting article related to this.
https://www.reddit.com/r/msp/comments/16n8p0j/spam_increase_from_onmicrosoftcom_addresses/

So a regex alternative to blocking all of onmicrosoft.com:

@.*\d\.onmicrosoft\.com

Would block anytext@anytext[0-9].onmicrosoft.com where spammers (for now) are using a digit preceding .onmicrosoft.com

2 Likes

Here’s an AppleScript to make it easy to create domain blocklist rules:

display dialog "Enter domain to block (starting with the “@”):" default answer ""
set _domain to text returned of the result
tell application "SpamSieve"
    tell blocklist
        make rule with properties {text to match:_domain, match field:from field, match style:ends with style}
    end tell
end tell

You can install it in the system scripts menu.