Is there a way to train SpamSieve to block a domain?

Ward · February 29, 2024, 4:07pm

I’ve recently been receiving several fake company emails a day from verbose email accounts like FwHrFXNswMSaLUjVgKobXmpeVmA.izoFp7oprzpWlhRfZfSoiN@xpw0zr9.onmicrosoft.com. The domain “onmicrosoft.com” is the one common factor in all of these email accounts.

I’ve been applying “Train as Spam” to these emails, but they keep appearing in my Inbox. Is there a way I can get SpamSieve to recognize all emails from the “onmicrosoft.com” domain as spam? If not, I’ll set up an Inbox Rule to send them straight to the Trash.

Michael_Tsai · February 29, 2024, 6:07pm

Yes, you could go to SpamSieve’s Blocklist window and make a rule like:

From (address) Ends With .onmicrosoft.com

ikenassi · March 1, 2024, 4:24pm

Also, since I know Ward is a KM user, on a non-drone machine, use this:

Michael_Tsai · March 1, 2024, 4:36pm

This will create a blocklist rule for the whole address rather than the domain.

PhilT · March 5, 2024, 10:21pm

Interesting article related to this.
https://www.reddit.com/r/msp/comments/16n8p0j/spam_increase_from_onmicrosoftcom_addresses/

So a regex alternative to blocking all of onmicrosoft.com:

@.*\d\.onmicrosoft\.com

Would block anytext@anytext[0-9].onmicrosoft.com where spammers (for now) are using a digit preceding .onmicrosoft.com

Michael_Tsai · December 20, 2024, 10:05pm

Here’s an AppleScript to make it easy to create domain blocklist rules:

display dialog "Enter domain to block (starting with the “@”):" default answer ""
set _domain to text returned of the result
tell application "SpamSieve"
    tell blocklist
        make rule with properties {text to match:_domain, match field:from field, match style:ends with style}
    end tell
end tell

You can install it in the system scripts menu.

lapan · May 29, 2026, 6:33pm

I’m new at adding scripts here so a little help needed.

Do I create an AppleScript with just that info and save it to ~/Library/Application Scripts/com.c-command.SpamSieve

OR do I create a text file with the same rule?

Also, I created it in AppleScript (to try) and added to that folder. How do I make it work?

Michael_Tsai · May 29, 2026, 6:53pm

Activate the system script menu, as described here. You can use the script menu to open the appropriate folder for saving the AppleScript file. And then you can run it from the script menu.