You are here: Home / Help Center / Email Support / OlympusNet Webmail, Spam and Email Tools Management / Webmail Help - / How to Use Full Email Headers to Block Spam -

How to Use Full Email Headers to Block Spam -

by Inka Luoma last modified Nov 22, 2017 05:32 PM

The purpose of this document is to show how to block spam arriving at your address.

Usually spam recipients block the From email address which doesn't work because the From address is forged.

It takes three steps to block spam.
    1. Display the email's full headers.
    2. Using the full headers, identify the sender.
    3. Enter an appropriately formatted address in Webmail's Settings/Spam Settings/Blocked Senders.

See How to Display Full Email Headers to display the full headers. See also Spam Management for how to find your Blocked Senders list using Webmail/Settings/Spam Settings/Blocked Senders.

Our spam example's full headers are shown in black below.

Looking only at the From field in the inbox, an email appears to be from Marine Technology.

Looking at the full headers below, notice that the first entry in the full headers is: Return-Path:

Usually the real sender of an email is revealed in the Return-Path which is typically the first entry in the full headers. This is what should be entered in the Blocked Senders list, not the From address.

The format to add to your Blocked Senders list:
The "wildcard" (asterisk) is used to block any sender of spam from the domain such as or

Spam may continue to arrive from Marine Technology after blocking the Return-Path address. Open the full headers once again and check the Return-Path. It may be that Marine Technology uses other domains from which to send spam. If the domain is different, add the new one to the block list using the same format as above. 

If spam continues to arrive, find the top Received: entry. In this case, that's To your Blocked Senders list add *

You've learned how to block spam. Allowed Senders entries are derived the same way. Legitimate senders don't forge their headers, but they may alter it. In other words, apply what you've learned about blocking spam to ensuring delivery of legitimate email.

 Example of Full Headers:

X-SDA: 70433851572.01.mouth29_19893fda65b4a
X-Spam: Spam detected
Authentication-Results:; dkim=none
    reason="no signature"; dkim-adsp=none (insecure policy);
X-Spam-Summary: 95,0,0,,d41d8cd98f00b204,,:,RULES_HIT,0,,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fs,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0
X-HE-Tag: mouth29_19893fda65b4a
X-Filterd-Recvd-Size: 99544
Received: from ( [])
    by (Postfix) with ESMTP
    for <>; Tue, 21 Jul 2015 23:26:15 +0000 (UTC)
Received: from win08vworker ([]) by with Microsoft SMTPSVC(6.0.3790.4675);
     Tue, 21 Jul 2015 11:23:51 -0400
MIME-Version: 1.0
From: "Maritime Global News" <>
Date: 21 Jul 2015 11:24:06 -0400
Subject: Tagged-as-spam Intracoastal Waterway Reopened After Barge Collision
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Message-ID: <>
X-OriginalArrivalTime: 21 Jul 2015 15:23:51.0390 (UTC) FILETIME=[3F701FE0:01D0C3C9]