Previous Next  Up  Table of Contents  SpamSieve Home

5.3.6   Show Blocklist

The Show Blocklist command in the Filter menu opens the Blocklist window. The blocklist consists of a list of rules. If a message matches one or more enabled rules on the blocklist (and Use SpamSieve blocklist is checked), SpamSieve will predict that it is spam. As always, SpamSieve does not prevent you from receiving the spam messages; rather, the blocklist ensures that they will go to the spam mailbox rather than the inbox. You can also configure Apple Mail so that the blocklisted messages go directly to the trash.

spamsieve blocklistspamsieve blocklist

Rule Columns

The meanings of the columns are as follows:

The date that the rule was added to the blocklist.
The part of the message that will be matched against the rule.
Match Style
How the rule text will be matched against the text from the message’s header.
Text to match
The text that will be matched against the message’s header.
✓ (Enabled)
If this is checked, the rule is enabled. Disabled rules do not block any messages, but they are useful because they prevent SpamSieve from re-learning a rule that you don’t want. (See “Rules and Training” below.)
The number of spam messages that the rule blocked, a rough measure of how effective it is.

Rule Headers

When SpamSieve checks whether a message matches a rule, it compares the part of the message named by the Header column with the contents of the rule’s Text to Match column. The following are the message parts that may be used in the Header column:

From (address)
The e-mail address of the message’s sender.
From (name)
The name of the message’s sender.
To (any address)
The e-mail addresses of the primary recipients of the message. SpamSieve checks each recipient separately to see whether it matches the rule.
CC (any address)
The e-mail addresses of the carbon copy recipients of the message. SpamSieve checks each recipient separately to see whether it matches the rule.
Reply-To (address)
The address that you would be sending to if you replied to the message. This is often the same as the From address, but it could also be a mailing list or an alternate address for the sender. If the message does not specify a Reply-To, then the rule will not match.
Any Recipient
The To and CC addresses.
Any Address
The From, To, CC, Reply-To, and SendTo addresses.
For mailing list messages, this hidden header indicates which mailing list the message was sent to.
For mailing list messages, this hidden header indicates how to unsubscribe from the mailing list. Some mailing list messages that do not have a List-ID header do have a List-Unsubscribe header.
For mailing list messages, this hidden header indicates which mailing list the message was sent to. Some mailing list messages that do not have a List-ID header do have a Mailing-List header.
Received (any)
The Received headers contain information about the servers that relayed the message on its journey from the sender to the recipient.
This header contains information about where the message originated.
The subject of the message.
Body (any text part)
The contents of the message. Some messages contain more than one text part (for instance, plain text and HTML representations of the same message). The rule matches the message if any of the text parts matches the rule’s text.
Any Character Set

The character set often indicates the language of the message. Many spam messages are sent using Asian or Cyrillic character sets, and SpamSieve is pre-configured to block these. The IANA maintains a list of character sets.

Any Attachment Name
Many spam messages contain attachments whose names end with .pif or .scr. SpamSieve ships with some blocklist rules pre-configured to catch messages containing spammy attachments.

Rule Match Styles

There are several different ways in which SpamSieve can compare the text in the message’s header to the rule’s text. In all cases, capitalization does not matter; lowercase letters are considered the same as their uppercase counterparts.

Is Equal to
The message matches the rule if its text is exactly the same as the rule’s text. This is the fastest style of matching. If you leave the text blank, the rule will match messages that have blank values for that header—for example when there is an empty Subject header. Sometimes, messages (especially spam ones) omit headers. To match an omitted header, enter <SpamSieve-Unknown-Subject>, <SpamSieve-Unknown-From>, <SpamSieve-Unknown-FromName>, or <SpamSieve-Unknown-To> depending on the header selected.
The message matches the rule if the message text contains the rule text.
Starts with
The message matches the rule if the message text begins with the rule text.
Ends with
The message matches the rule if the message text ends with the rule text. This is useful for matching domain names. For example, to match messages sent from Apple, you could create an Ends with rule with text
Matches Regex

This is like Contains, except that the rule text is treated as a Perl-compatible regular expression. Regular expressions are a powerful way of specifying patterns of text, for instance: e-mail addresses that contain numbers before the @ sign or subjects that are longer than 30 characters. For example, a Matches Regex rule with the text:


would match all messages where the match field ends with but is not or This can be used to block messages sent to fake addresses. And this regex:

(?-i)^(Re: )?[A-Z]{2,8}, [ a-z0-9'?!]*$

matches a common pattern of spam message subjects.

If the regular expression entered in the Text to Match column is invalid, SpamSieve will color it in red, and it will not match any messages.

Creating Rules

There is normally no need for you to manually create or delete blocklist rules because SpamSieve learns to recognize your spam automatically. If a lot of spam is in your inbox, your first step should be to follow the instructions in Why is SpamSieve not catching my spam? rather than to create blocklist rules that may not be needed or even used (e.g. if the real problem is that your mail program isn’t set up properly).

Rules and Training

By default, the Train SpamSieve blocklist preference is enabled. This means that SpamSieve will automatically create blocklist rules when you train a message as spam. You won’t get spam from the same address or sender name twice.

SpamSieve will also disable matching blocklist rules when you train a message as good. This prevents a bad blocklist rule from blocking similar good messages.

With the Train SpamSieve whitelist preference enabled, training also applies to the whitelist.

Editing Rules

You can edit a rule’s Header or Match Style by clicking in the corresponding column and selecting from the pop-up menu. To edit a rule’s Text to Match, double-click the text.

Deleting and Disabling Rules

You can delete a rule from the blocklist by selecting it and pressing Delete. Generally, there is little reason to delete rules. SpamSieve is optimized such that having lots of rules does not reduce performance.

If you don’t like what a rule is doing, you should uncheck the rule rather than deleting it. This will prevent SpamSieve from re-learning the rule automatically (see “Rules and Training” above). For example, say that you get forged spam messages from your own address. When you receive such a message, and tell SpamSieve that it’s spam, any rule on the whitelist with your address would be disabled. This will enable future such spam messages to be caught. If you later get a legitimate message from your own address and tell SpamSieve that it’s good, the whitelist rule will remain disabled, so SpamSieve will still be able to catch that spam. If you had previously deleted the rule instead of disabling it, telling SpamSieve that the message was good would create a new, enabled whitelist rule, which would prevent those spam messages from being caught.

Finding Rules

You can type the first few letters of a rule’s Text to Match to quickly locate that rule, or use the search field in the toolbar to focus on a group of related rules.

Troubleshooting Rules

Blocklist rules will not match a message if:

Previous Next  Up  Table of Contents  SpamSieve Home