How to create advanced blocklist and acceptlist rules in Jellyfish





If you need to create a rule with multiple different types of conditions, you can do so by selecting the Advanced option. This is helpful, for example, for combining email and subject types if you don't want to receive specific subjects from some email address and not all emails from that email address.

Once you’ve done this, you’ll see the Compose an advanced rule window with these fields:

  • Apply rule to: select "All your mailboxes" or enter specific email address(es) you wish to protect.

  • Select your conditions: select one or several conditions under which the rule should be applied to a message.

You can choose from the following conditions:


You can learn about the difference between Envelope-to/Envelope-from and To/Fromhere.

And then choose one of the actions (actions may vary depending on the chosen condition):

  • Is exactly
  • Is not exactly
  • Contains
  • Does not contain
  • Starts with
  • Ends with
  • Is TLD
  • Is not TLD

In the remaining field insert the email address, subject, IP address, or whatever applies and click on Create Rule:



Please note:

  1. It’s necessary that all the added conditions from your rule are met in one particular email for an advanced rule to work properly. So, if you add three conditions to an advanced rule, it means that you’d like to block/accept only emails containing all three at once (and not the emails containing only one or two conditions).

    For example, you create a blocklist rule with these conditions:



    In this case, only the emails containing all three conditions in them will be blocked. If an email is sent to you and it meets only two conditions for blocklisting (e.g. Envelope from is info@myemail.com and To is <user@otheremail.com>, but the subject doesn’t contain ‘report’), such an email won’t be blocked.

  2. If you need to add two or more different subjects or domains or emails to acceptlist/blocklist, please create several separate rules to avoid errors. For example, if you want to block two subjects (from two different emails) that contain such phrases as ‘Earn $’ and ‘Make money’, you will need to create two separate rules.

  3. We recommend that you use email headers as the source of truth when creating advanced rules. You can check this guide on how to find an email header for Private Email webmail (AppSuite) or depending on the email client you use.

Below you can check what a typical email header may look like so that you understand where to look for the conditions we mention in this guide. Please note that this is an example and some parts of your email header may look differently.

Example (click here to expand)


If you want to create conditions for Envelope-to (i.e. for <jellyfish@namecheap.com> in the header) or Sender IP fields, please keep in mind that they should be checked in Received part of the header that contains "by xxx.jellyfish.systems" phrase. With Sender IP, you will need to find this field and copy the IP address which is above "by xxx.jellyfish.systems" phrase (see the screenshot above).




In order for an advanced rule to work properly, there is a specific format to follow. Below are described tips for rules creation based on the condition you choose.



OperatorDescriptionExamples
is/is notCopy the whole From/To field value (including brackets and/or First/Last name/company name – if present) from the email header to the input field in your Jellyfish interface.

NOTE:Since these operators require an exact match of the entire From/To field value, it’s recommended to use them only if you copy value directly from email headers.
Email header:


Example of the correct input:
"Support Team" <support@testmail.com>


Example of the incorrect input:
support@testmail.com

or
Support Team
starts with/ends withMake sure to specify the exact beginning/end of the From/To field value (including brackets) for the rule to work properly.

NOTE:Since these operators require an exact match of the beginning/end of From/To field value, it’s recommended to use them only if you copy value directly from email headers.
Email header:


Example of the correct input for ‘starts with’:
”Support


Example of the correct input for ‘ends with’:
testemail.com>


Example of the incorrect input for ‘starts with’:
Support


Example of the incorrect input for ‘ends with’:
testmail.com
contains/does not containSpecify any part of the email address (or correct First/Last name, company name, etc) from the From/To field value you see in your webmail/email client or email headers.

NOTE:If you, for example, insert jane.doe@email.com with Contains/Does not contain, then the created rule will work both with emails sent only to jane.doe@email.com and with emails that have jane.doe@email.com as one of the recipients.
Email header:


Examples of possible correct inputs:
Support Team

or
support@testemail.com

or
testmail.com


NOTE: Please note that if an email contains several recipients in To field and you create a blocklist or acceptlist rule for all of them, you will need to copy all of the recipients from the email headers keeping the same order and format. If the order of the recipients is changed, the rule won’t be applied to such emails. Otherwise, you will need to create separate rules/conditions for all the recipients you wish to block or accept.

You can also learn how to choose the appropriate sender/recipient condition for your case from To/From and Envelope-to/Envelope-from fields here.




OperatorDescriptionExamples
is/is notCopy the email address in envelope-from/envelope-to (for) field value from the email header to the input field in your Jellyfish interface.Email header:


Example of the correct input:
test@namecheap.com


Example of the incorrect input:
<test@namecheap.com>
starts with/ends withCopy the beginning/end of the envelope-from/envelope-to (for) field value from the email header.Email header:


Example of the correct input for ‘starts with’:
test@


Example of the correct input for ‘ends with’:
namecheap.com


Example of the incorrect input for ‘starts with’:
<test


Example of the incorrect input for ‘ends with’:
namecheap
contains/does not containSpecify any part of the email address from envelope-from/envelope-to (for) field value from the email header.Email header:


Examples of possible correct inputs:
test

or
namecheap
Is TLD/is not TLD –available for Envelope-fromSpecify a particular TLD (top-level domain, e.g. com, co.uk) without a dot to block or accept all emails originated from it.Email header:


Examples of the correct input:
com





OperatorDescriptionExamples
is/is notCopy the whole Subject field value from the email header/webmail/email client to the input field in your Jellyfish interface.

NOTE:Since these operators require an exact match of the entire Subject field value, it’s recommended to use them only if you copy value directly from email headers.
Email header:


Example of the correct input:
They keep your money - no refund!


Example of the incorrect input:
refund
starts with/ends withCopy the beginning/end of the Subject field value from the email header.Email header:


Example of the correct input for ‘starts with’:
They


Example of the correct input for ‘ends with’:
refund!


Example of the incorrect input for ‘starts with’’:
they


Example of the incorrect input for ‘ends with’:
refund
contains/does not containUse this action to block/accept emails with specific words or phrases in the Subject.Email header:


Examples of possible correct inputs:
money

or
no refund





Keep in mind that IP addresses are usually dynamic and not static, which means the sender you want to block (or add to the acceptlist) may use different one(s) already.

At the moment adding IP ranges (e.g. 192.168.1.1-10), subnets or networks (e.g. 192.168.1.0/24), IPv6 addresses to blocklist or acceptlist is not supported by Jellyfish.

OperatorDescriptionExamples
is/is notUse this action to add a blocklist/acceptlist rule for a whole IP address and not a part of it (like a range or network).Email header:


Correct input:
198.54.122.110
starts with/ends withUse this action if you want to add to acceptlist/blocklist the exact first/last octets of a particular IP address.Email header:


Example of the correct input:
198
contains/does not containUse this action if you want any part of a particular IP address to add to acceptlist/blocklist.Email header:


Example of the correct input for:
54.122





OperatorDescriptionExamples
contains/does not containCopy any part of the Message body to add it to blocklist/acceptlist.Email header:


Possible correct inputs:
50% discount

or
Sign up





An email contains a header and message body. The header, among other details, contains ‘envelope-from’ (sender) and ‘envelope-to’ (recipient) fields. This is how they are displayed in an email header:



When a user receives an email, they do not see the envelope-to or envelope-from fields. Email clients/webmail only display From and To fields:



Still, all these fields can be checked in email headers, too:



Therefore, the difference between To/From (headers) and Envelope-to/Envelope-from (envelopes) is that they are used for different purposes. Header To/From is used in your webmail/email client to display the recipient and sender. And Envelope-to/Envelope-from in their turn are responsible for getting your email delivered.

FromEnvelope-From
Used by email clients/webmail to show the ‘From’ field to usersUsed by SMTP servers for email delivery
Used by DKIM filter to check if the message is authenticUsed by SPF filter to designate the permitted sender



ToEnvelope-To
Used by email clients/webmail to show the ‘To’ field to usersUsed by SMTP servers for email delivery



Normally envelopes and headers match. However, if someone wants to forge these fields, they would be different. For example, an email is actually sent from billing@phishingdomain.com (envelope-from field), but the headers are forged to display the sender as billing@namecheap.com (from field).

To avoid this, security mechanisms such as SPF and DKIM are used as well as email filtration systems (which Jellyfish is). Therefore, if, for example, you suspect that from/to fields can be forged and you want to block the actual recipient/sender of the email, Envelope-to/Envelope-from should be chosen.

You can also check how to analyze email headers here.



Updated
Viewed
3845 times

Need help? We're always here for you.

notmyip