# Remove Malicious Email and Block Sender Crate

{% hint style="info" %}
If you’re new to Crates, read through our introductory Crate documentation [here](https://docs.rewst.help/prebuilt-automations/crates). Find the Crate in our Crate Marketplace.
{% endhint %}

## What does the Remove Malicious Email and Block Sender Crate do?

Our Remove Malicious Email and Block Sender Crate will allow you to search for a specific sender, remove any emails from that sender and block them on an organization wide basis. It will then document the action in an existing ticket.

* Achieve a quick resolution of spam issues affecting multiple users.
* Ensure proactive blocking of known spam senders.
* Set up automatic documentation of spam-related actions in a ticket for auditing.

## Crate prerequisites

* The [Microsoft Cloud Integration Bundle](https://docs.rewst.help/documentation/integrations/integration-guides/microsoft-cloud-integration-bundle) must be set up before unpacking this Crate.
* For ticketing functionality, set up one of the following PSA integrations:
  * [Halo PSA](https://docs.rewst.help/documentation/integrations/integration-guides/halo-integration-setup)
  * [Datto PSA](https://docs.rewst.help/documentation/integrations/integration-guides/datto-psa-integration-setup)
  * [ConnectWise PSA](https://docs.rewst.help/documentation/integrations/integration-guides/connectwise-integration-setup)
  * [Freshdesk](https://docs.rewst.help/documentation/integrations/integration-guides/freshdesk-integration-setup)
  * [Kaseya BMS](https://docs.rewst.help/documentation/integrations/integration-guides/kaseya-bms-integration-setup)
  * [ServiceNow](https://docs.rewst.help/documentation/integrations/integration-guides/servicenow-integration-setup)
* For ticketing functionality, the [organizational variable](https://docs.rewst.help/integrations/organization-variables#what-is-an-organization-variable) `default_psa` should be defined per the table below.

| PSA             | Value        |
| --------------- | ------------ |
| ConnectWise PSA | `cw_manage`  |
| DattoPSA        | `datto_psa`  |
| Freshdesk       | `freshdesk`  |
| HaloPSA         | `halo_psa`   |
| Kaseya BMS      | `kaseya_bms` |
| ServiceNow      | `servicenow` |

## Unpack the Remove Malicious Email and Block Sender Crate

1. Navigate to **Marketplace > Crates** in the left side menu of the Rewst platform.
2. Search for `Remove Malicious Email and Block Sender`.\
   \
   ![](https://1835401289-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAQQ1EHVcEsGKBPVHmiav%2Fuploads%2FKDSCppfWSmmAggdp0pVm%2Fimage.png?alt=media\&token=a1ccc5c6-154b-41ed-96f5-050ae89f6521)
3. Click on the Crate tile to open its details page.
4. Click **Unpack Crate**.
5. Click **Continue**.
6. Enter your time savings into the **Time Saved (seconds)** field.
7. Click **Unpack**.

### Test the Crate

1. Navigate to **Automations > Assets > Forms** in the Rewst platform.
2. Search for `Remove Emails and Block Sender`.<br>

   <figure><img src="https://1835401289-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAQQ1EHVcEsGKBPVHmiav%2Fuploads%2FlnMJpQBAj4rVY3eKfYT2%2FScreenshot%202025-04-01%20at%204.39.48%E2%80%AFPM.png?alt=media&#x26;token=c7130ae0-f7c8-4124-ab3a-b73a854aac9f" alt=""><figcaption></figcaption></figure>
3. Click **⋮** to the right of your searched form. Select **Usages**.
4. Click **View Direct URLs** for the Workflow named **\[ROC] M365: Remove Malicious Emails and Block Sender**.
5. Click the link that corresponds to your target organization. Note that the target organization will need to have been mapped and authorized within the [Microsoft Cloud Integration Bundle](https://docs.rewst.help/documentation/integrations/integration-guides/microsoft-cloud-integration-bundle).\
   \
   ![](https://1835401289-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAQQ1EHVcEsGKBPVHmiav%2Fuploads%2FfZRPXDfTR3I4MyT6mVXA%2FScreenshot%202025-04-01%20at%204.40.56%E2%80%AFPM.png?alt=media\&token=2bb438c4-0aa0-4cb8-9f84-c8d503cd3e68)
6. Select the ticket number to document the workflow actions for the request from the **Ticket Number** drop-down selector.
7. Enter the **Email Address of the Sender** that you wish to remove and block.
8. Click **Submit**.

{% hint style="danger" %}
This will remove all emails from the sender specified above that have been sent to the organization. Make sure that you wish to delete all of these emails before using the form.
{% endhint %}

{% hint style="info" %}
Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our [Canny feedback collector](https://rewst.canny.io/crates).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.rewst.help/documentation/crates/existing-crate-documentation/remove-malicious-email-and-block-sender-crate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.