Hello all, I'm not able to block emails from unwanted sources, so I just want to clarify that I am doing everything right. I do have "Who object" with name "Newsletters" and I've filled it with emails and whole domains that I want to block. I've created Mail Filter action with name "Block Newsletters" where I've put "Action Object: Block" and specified "From: Newsletters", but still some emails are passing over this rule even if the source of the email is listed there. My question is what is the source of the email address that is being compared with the Who object? Is it "From:" header in the email header? Here is example of "From" header of the message that passed over even though the "firstname.lastname@example.org" is in the "Newsletters" (taken from the raw of the message where i've changed the real domain to xxx.com): From: =?UTF-8?B?S2zDoXJhIERvdWJvdsOh?= <email@example.com> I see that email decoded well in the Spam Quarantine (full name followed by the email itself in sharp brackets)... I do have only one Accept action rule (whitelist) on the list before this Block action rule, but that whitelist does not contain this email... No Quarantine action before the block... Any chance to debug this or am I doing anything wrong?