Hi
I have a problem with our global Blocklist.
I added the domainpart and a regex and I still receive Mails from that domain (Massmailing all our Homepages)....
Global Blocklist

(enabled) Blocklist Rule
(Highest priority)

Mail Header
I have a problem with our global Blocklist.
I added the domainpart and a regex and I still receive Mails from that domain (Massmailing all our Homepages)....
Global Blocklist

(enabled) Blocklist Rule
(Highest priority)

Mail Header
Delivered-To: event@ourdomain.com
Return-Path: sm.21177883674.m9f0c8k9bh6zheoe05-zaproszenie=warsawexpo.eu@emsgrid.com
Received-SPF: pass (emsgrid.com: Sender is authorized to use 'sm.#.m9f0c8k9bh6zheoe05-zaproszenie=warsawexpo.eu@emsgrid.com' in 'mfrom' identity (mechanism 'include:_spf.jupiter.salesmanago.pl' matched)) receiver=spam.ourdomain.com; identity=mailfrom; envelope-from="sm.#.m9f0c8k9bh6zheoe05-zaproszenie=warsawexpo.eu@emsgrid.com"; helo=izanagi.emlgrid.com; client-ip=185.54.187.89
Received: from izanagi.emlgrid.com (izanagi.emlgrid.com [185.54.187.89])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by spam.ourdomain.com (Proxmox) with ESMTPS
for <event@ourdomain.com>; Tue, 30 Jun 2026 16:38:58 +0200 (CEST)
Received: from s12 (_local_)
by emsgrid.com (mta01) with ESMTP id 4gqQhm1GrLzFC0DX
for <event@ourdomain.com>; Tue, 30 Jun 2026 14:37:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smgrid.eu;
s=sm-trackid; t=1782830232; x=1782875232;
bh=NX3yBSPsS7o/HjvRIHpQjACoTkqqJw6pPFrOOHG4G/k=;
h=Date:From:To:Subject:List-Unsubscribe:List-Unsubscribe-Postate:
From:To:Subject:List-Id:List-Unsubscribe:List-Unsubscribe-Post:CC;
b=BLBkBT2Vvxv118FcOlc714tojuh8bXRtpa0MFFyo+DPdQ4CgxmnYTLrRUB9En6XRs
WB921ynpBmBYXwPV6QrIJfyvGlgGeh/Lr9+9OTGe4NRhk6pC1KDbgPW5SEckaxZMbM
DG+Z4JzQlsmD+bb/G3pB7J/zd8ynThTJ3bk05XJleV3rl4w3i8JOj3fCJnoDRJkcvP
tInNoGaaQbknAESyTQrt/Cu4dbnxCf5CJWI7+naW0MH5R3gOh4+nn63bsDlDclGRJ0
2YZt3C85DB8fCd6PAlI11rUJU7QwIewynufgL4ngDTOq1aj00KGJ1Rt2+bPgpmQ89H
iQ+a5yu/RNf8w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=warsawexpo.eu;
s=salesmanago; t=1782830232; x=1782875232;
bh=NX3yBSPsS7o/HjvRIHpQjACoTkqqJw6pPFrOOHG4G/k=;
h=Date:From:To:Subject:List-Unsubscribe:List-Unsubscribe-Postate:
From:To:Subject:List-Id:List-Unsubscribe:List-Unsubscribe-Post:CC;
b=sVm2cQqdBVMgudVRunPB3jm/ZIphwrzPqfjRctVdPLbc2ZL9MExzBcZDEuB7zcIm9
+mx6WFAGMDE0K2bApTq4yNXSvV2zSqJ2mf3suAF7We4PVQspkZOT4G/IZLBxQYZEI2
0xnB1uvDS5wQ+ByQf/vagxKmUyy+fhSwYeZJs6gpn8GbP42mxiyJX6D/WrixLLj5Qx
zKq6ms+c/m2prgNkORbxAkO/VDHE2mHFvSRyM3638FdjFhxYBvZDOGY7JFAJH34txD
O5ostIlfFA0iQGwwZAf8ID10BdV7S80ZMjMDtnFdpa8+X/jgdnUj8cmEBER/3tVL+C
0bgIsmKwruHog==
Date: Tue, 30 Jun 2026 16:37:12 +0200 (CEST)
From: Ptak Warsaw Expo <zaproszenie@warsawexpo.eu>
To: event@ourdomain.com
Message-Id: <21177883674.30232104@emsgrid.com21177883674>
subject: {Spam?} Kalendarz targowy - =?UTF-8?Q?jesie=C5=84=20?=2026
X-Abuse: Please report abuse here: abuse@salesmanago.pl
X-Campaign: 1f55a9cc-b7e6-4a14-a882-1612c45f12fd
Feedback-ID: 1f55a9cc-b7e6-4a14-a882-1612c45f12fd:m9f0c8k9bh6zheoe:m9f0c8k9bh6zheoe:SALESmanago
List-Unsubscribe: <mailto:unsubscribe+GYCcYtqoEB8FdECmt1X-XASh9Vqcy35qFIghYSxF8S_Q5@emsgrid.com?subject=GYCcYtqoEB8FdECmt1X-XASh9Vqcy35qFIghYSxF8S_Q5>,
<https://app3.salesmanago.pl/optOut....b7e6-4a14-a882-1612c45f12fd&optOutLanguage=pl>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Precedence: bulk
X-Entity-Ref-ID: none
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_3525844_777915629.1782830232104"
X-SPAM-LEVEL: Spam detection results: 5
CustomCheck 0.8 Custom Check Script
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DMARC_PASS -0.1 DMARC pass policy
GB_GEN_REDIR_URL 0.5 Redirector found in href link
HEADER_FROM_DIFFERENT_DOMAINS 0.249 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message
KAM_EU 0.5 Prevalent use of .eu in spam/malware
KAM_SHORT 0.001 Use of a URL Shortener for very short URL
MIME_HTML_MOSTLY 0.1 Multipart message mostly text/html MIME
MIXED_ES 0.001 Too many es are not es
MPART_ALT_DIFF 0.3 HTML and text parts are different
RCVD_IN_MSPIKE_H5 0.001 Excellent reputation (+5)
RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_TVD_FUZZY_SECTOR 0.01 -
UNPARSEABLE_RELAY 0.001 Informational: message has unparseable relay lines
UNWANTED_LANGUAGE_BODY 2.8 Message written in an undesired language