How to Filter Gmail Headers & Stop “Via” Spam

In this article I will show you how to use a Google Apps Script to mark certain messages as spam based on their headers.

This script basically checks the 5 newest inbox messages every 10 minutes looking for a specific header. If it finds that header it will mark the message as spam automatically. Of course, you can modify the code to fit your needs.

This script won’t prevent you from receiving this spam in the first place, but it will save you the trouble of manually identifying and deleting them yourself. Plus, if you use Gmail’s Priority Inbox, you won’t be notified about receiving them anymore.

If you want to skip my explanations and get straight to the code, click here.

Gmail filters can do a lot, but one thing they can’t do is catch messages sent via another domain.

I’m referring to emails with the sender name displayed in this format: [email protected] via xyz.com

Screenshot:
Email via domain

Why is that “via” there? Here’s an answer from Google:

Why am I seeing “via” followed by a domain name next to the sender’s name?

Gmail detected that the email was sent via another mail service. This means that the sender may be using a third-party email service to generate this message. For example, the message may have been sent through a social networking site which offers an email service or sent through a mailing list that you’re subscribed to.

Gmail displays this information because many of the services that send emails on behalf of others don’t verify that the name that the sender gives matches that email address. We want to protect you against misleading messages from people pretending to be someone you know.

In my case, I get a lot of spam via a specific domain, but I can’t use Gmail’s filters to block them.

This “via” information comes from the X-Forwarded-For email header. Gmail filters can’t be applied to this data, but fortunately you can use a Google Apps Script to do it instead.

Follow These Steps

1. Go to gmail in your web browser and open an email with a via domain that you want to block.

2. Use the dropdown menu (pictured below) and click Show original.
gmail - show original

3. Search for “X-Forwarded-For” and copy that line. You’ll need this info for your code.

It should like this:

4. Go to script.google.com to create a new Google Apps Script.

5. Choose to create a script for a Blank Project.

Your screen should look like this:
Untitled Project

6. Now clear out any pre-existing code under the Code.gs tab and replace it with the code below.

Make sure you replace the
X-Forwarded-For: [email protected] [email protected]
part on Line 8 with the line you copied from your unwanted email earlier.

7. Click the little clock button pictured below to set up the trigger:
google apps script trigger

8. If you haven’t named your project yet, it will ask you for a project title. Name it “Filter Via Spam” or whatever you want. After naming it you should see the “Current project’s triggers” popup window.

9. Click the link to set a trigger. I have mine set to run every 10 minutes. Copy mine or choose your own frequency.
trigger frequency

10. Hit save and it may ask for authorization. Go ahead and accept.

11. Now you’re pretty much done. Run it and see if it works. Pay careful attention to your inbox before and after running it to make sure the right emails are being marked as spam.

12. Keep in mind, the spam we are filtering will still initially go to your inbox, and it will be there until the script is run based on the frequency you set. So with the settings used in my example, the spam will sit in your inbox for up to 10 minutes before being filtered.

Using Gmail’s default inbox, you will also still be notified when you receive this spam. This is why I recommend using Gmail’s Priority Inbox. You won’t be notified and will mostly never see this spam at all.

Hope someone else finds this useful! I’ve been running this script for the past few months and it has worked really well. All the “via” spam I was getting is now out of sight and out of mind.

Functions of Note

getInboxThreads(start,max) retrieves a range of Inbox threads irrespective of labels.
Start is the index of the first thread to retrieve.
Max is the maximum number of threads to retrieve.
Change the max value (5 in my code) if you want to check more or less at a time.
It is located on Line 2 in the code above.

body.indexOf() searches the body for specified text. If you want to filter based on different headers, just change the text inside the parentheses.
It is located on Line 8 in the code above.

More Info on Google Apps Scripts

There are tutorials and quick-start guides on the Google Apps Scripts Homepage if you need additional help.

Chris Zalamia

"The knack [to flying] lies in learning how to throw yourself at the ground and miss." - Douglas Adams

Internet Junkie. Blogging/Social Media/SEO Hobbyist. Nerd.
  • unloco mqx

    A similar script that accepts an array of domain names
    http://pastebin.com/Y9HhE1jf

  • Voidheartd

    Thanks for this. It’s silly that google would show us the via domain but give no way to filter by it. I very rarely see spam in my inbox, and it is always coming from the same via domain.

  • jg30328

    I still can’t find the “X-Forwarded-For” info in my “show original” page. I’m not sure what to copy and insert…

    • It’s possible it’s just not there. Are you sure it was sent via another domain? Try a Ctrl-F search for the domain it was sent via. Maybe it’s listed under a different header and you can use that instead. As long as you are copying and inserting a text string that is unique to the “via” spam then it should work just the same.

  • Dennis Lee

    I also can’t find the X-forwarded-for part. But there is a dmarc=fail line. You can paste that in also. The spammers faked my own email address so that line will always be a failed check.

  • Nice @czalamia:disqus !

    Could you extend the script to support different headers, like a list of domains or IPs? (I tested it, it worked fine with one)

    • Thanks, glad it worked for you! Sure, yeah you can extend it. Basically all it’s doing is searching for a specific string unique to the unwanted emails. It then sends any emails in which it finds the string to your spam folder with the “GmailApp.moveThreadToSpam(threads[i])” line.

      If you want to have it search for multiple strings, like different domains for instance, you can add them in with OR operators in the “if(body.indexOf(“X-Forwarded-For: [email protected] [email protected]“)>-1)” line.

      Alternatively, you could add additional “else if” statements underneath the above line. I’m no coding expert, so there may be a more efficient way to do it, but I hope that points you in the right direction.