Ben Dodson

Freelance iOS, macOS, Apple Watch, and Apple TV Developer

MailRoute blacklisting via email

Want to keep up to date? Sign up to my free newsletter which will give you exclusive updates on all of my projects along with early access to future apps.

I’ve been using MailRoute on and off for the past few years1 in an effort to reduce the amount of spam in my inbox but there is one missing feature that always drives me nuts; there is no way to blacklist an email address or domain without going to their website. Whilst you can whitelist domains easily from the daily digest of caught spam, there is no feature that lets you forward spam to them in order to have it blacklisted (despite people, including me, requesting it since 2013). After having a look at the MailRoute API, I decided it was time to fix this myself.

There are several components in getting this working.

  1. I created a new email address with Gmail which will catch my forwarded spam2.
  2. I set up an account with and connected it to the gmail account3.
  3. I put the following code available on GitHub on a 15 minute CRON job

require_once 'OAuth.php';

define('CONTEXT_KEY', 'your-contextio-consumer-key');
define('CONTEXT_SECRET', 'your-contextio-consumer-secret');
define('CONTEXT_USER_ID', 'your-contextio-user-id');
define('CONTEXT_TRASH_NAME', '[Gmail]/Trash'); // change if not using Gmail

define('MAILROUTE_USER', 'your-mailroute-username'); // should be your email address
define('MAILROUTE_API_KEY', 'your-mailroute-api-key');
define('MAILROUTE_EMAIL_ACCOUNT_ID', 'your-mailroute-email-id'); // numeric - can be found in network traffic

$whitelist = ['']; // add the email address you are forwarding from or you'll blacklist yourself...

$inbox = performOAuthRequest('GET', ''.CONTEXT_USER_ID.'/email_accounts/0/folders/inbox/messages');
foreach ($inbox as $message) {
    $id = $message->{'message_id'};
    $body = performOAuthRequest('GET', ''.CONTEXT_USER_ID.'/email_accounts/0/folders/inbox/messages/'.$id.'/body');
    $content = str_replace('<', '', str_replace('>', '', $body->bodies[0]->content));
    $emails = extractEmailAddresses($content);
    foreach ($emails as $email) {
        if (!in_array($email, $whitelist)) {
            performRequest('POST', '', ['email_account' => '/api/v1/email_account/'.MAILROUTE_EMAIL_ACCOUNT_ID.'/', 'email' => $email, 'wb' => 'b'], ['Authorization: ApiKey '.MAILROUTE_USER.':'.MAILROUTE_API_KEY]);
    performOAuthRequest('PUT', ''.CONTEXT_USER_ID.'/email_accounts/0/folders/inbox/messages/'.$id, ['new_folder_id' => CONTEXT_TRASH_NAME]);

echo 'DONE!';


function performOAuthRequest($httpMethod, $url, $params=[], $headers=[]) {
    $signatureMethod = new OAuthSignatureMethod_HMAC_SHA1();
    $oauthConsumer = new OAuthConsumer(CONTEXT_KEY, CONTEXT_SECRET, NULL);
    $oauthRequest = OAuthRequest::from_consumer_and_token($oauthConsumer, NULL, $httpMethod, $url, $params);
    $oauthRequest->sign_request($signatureMethod, $oauthConsumer, NULL);
    return performRequest($httpMethod, $oauthRequest, $params);

function performRequest($httpMethod, $url, $params=[], $headers=[]) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20);

    $headers[] = 'Content-Type: application/json';
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    if (!in_array($httpMethod, ['GET', 'POST'])) {
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $httpMethod);
    if ($httpMethod != 'GET') {
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));
    $output = curl_exec($ch);
    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return json_decode($output);

// Email parsing

function extractEmailAddresses($string) {
   $emails = array();
   $string = str_replace("\r\n",' ',$string);
   $string = str_replace("\n",' ',$string);

   foreach(preg_split('/ /', $string) as $token) {
        $email = filter_var($token, FILTER_VALIDATE_EMAIL);
        if ($email !== false) { 
            $emails[] = $email;
    return array_unique($emails);

Now all you need to do is forward any spam you receive to the Gmail account you set up. Every 15 minutes, the CRON job will run and check the inbox for any emails. When it finds some, it will parse them for email addresses and blacklist them with MailRoute before deleting them.

In an ideal world, MailRoute would implement a custom email address for blacklisting but this seems to be working for now.

  1. I stopped using MailRoute a while back and was using the black hole feature of Sanebox but I’ve just stopped using them as found the free service FollowUpThen - I was getting a lot of spam after the switch off so decided to re-activate MailRoute this week. I use Fastmail for my email in case you were wondering. ↩︎

  2. As you’ll be forwarding emails to Gmail, you’ll want to disable its spam filter as otherwise your emails won’t end up in the inbox for processing by Context. To do this, you’ll need to set up a new rule which matches the email ‘@’ and ensures it never goes to spam. ↩︎

  3. Whilst I could connect Context to my personal email and just move things into a folder for blacklisting, I don’t trust services with access to my email account, certainly not services that are free and are using the data. ↩︎

Working Remotely » « Pocket Rocket for iOS 10 (now with an iMessage app)

Want to keep up to date? Sign up to my free newsletter which will give you exclusive updates on all of my projects along with early access to future apps.