You are here: Home / Help Center / Email Support / OlympusNet Webmail, Spam and Email Tools Management / Webmail Help - olympus.net / How to Use Full Email Headers to Block Spam - olympus.net

How to Use Full Email Headers to Block Spam - olympus.net

by Inka Luoma last modified Nov 22, 2017 05:32 PM

The purpose of this document is to show how to block spam arriving at your @olympus.net address.

Usually spam recipients block the From email address which doesn't work because the From address is forged.

It takes three steps to block spam.
    1. Display the email's full headers.
    2. Using the full headers, identify the sender.
    3. Enter an appropriately formatted address in Webmail's Settings/Spam Settings/Blocked Senders.

See How to Display Full Email Headers to display the full headers. See also Spam Management for how to find your Blocked Senders list using Webmail/Settings/Spam Settings/Blocked Senders.

Our spam example's full headers are shown in black below.

Looking only at the From field in the inbox, an email appears to be from Marine Technology.
fromMarineTechnology.jpg

Looking at the full headers below, notice that the first entry in the full headers is: Return-Path: update@maritimeglobalnews.com

Usually the real sender of an email is revealed in the Return-Path which is typically the first entry in the full headers. This is what should be entered in the Blocked Senders list, not the From address.

The format to add to your Blocked Senders list:
*@maritimeglobalnews.com
The "wildcard" (asterisk) is used to block any sender of spam from the domain maritimeglobalnews.com such as sally@maritimeglobalnews.com or john@maritimeglobalnews.com.

Spam may continue to arrive from Marine Technology after blocking the Return-Path address. Open the full headers once again and check the Return-Path. It may be that Marine Technology uses other domains from which to send spam. If the domain is different, add the new one to the block list using the same format as above. 

If spam continues to arrive, find the top Received: entry. In this case, that's mail.marinenewsworld.com. To your Blocked Senders list add *@mail.marinenewsworld.com

You've learned how to block spam. Allowed Senders entries are derived the same way. Legitimate senders don't forge their headers, but they may alter it. In other words, apply what you've learned about blocking spam to ensuring delivery of legitimate email.

 Example of Full Headers:

Return-Path: update@maritimeglobalnews.com
Delivered-To: janedoe@olympus.net
X-SDA: 70433851572.01.mouth29_19893fda65b4a
X-Spam: Spam detected
Authentication-Results: auth.b.hostedemail.com; dkim=none
    reason="no signature"; dkim-adsp=none (insecure policy);
    dkim-atps=neutral
X-Spam-Summary: 95,0,0,,d41d8cd98f00b204,update@maritimeglobalnews.com,:,RULES_HIT,0,RBL:208.31.188.136:@maritimeglobalnews.com:.lbl8.mailshell.net-62.6.0.195 64.201.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fs,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0
X-HE-Tag: mouth29_19893fda65b4a
X-Filterd-Recvd-Size: 99544
Received: from mail.marinenewsworld.com (mail.marinenewsworld.com [208.31.188.136])
    by imf12.b.hostedemail.com (Postfix) with ESMTP
    for <janedoe@olympus.net>; Tue, 21 Jul 2015 23:26:15 +0000 (UTC)
Received: from win08vworker ([208.31.188.190]) by mail.marinenewsworld.com with Microsoft SMTPSVC(6.0.3790.4675);
     Tue, 21 Jul 2015 11:23:51 -0400
MIME-Version: 1.0
From: "Maritime Global News" <update@maritimeglobalnews.com>
To: janedoe@olympus.net
Reply-To: update@maritimeglobalnews.com
Date: 21 Jul 2015 11:24:06 -0400
Subject: Tagged-as-spam Intracoastal Waterway Reopened After Barge Collision
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Return-Path: update@maritimeglobalnews.com
Message-ID: <BMAILMNWBh5RNH9HlLz0002fdd9@mail.marinenewsworld.com>
X-OriginalArrivalTime: 21 Jul 2015 15:23:51.0390 (UTC) FILETIME=[3F701FE0:01D0C3C9]