Targeted Threat Protection - Impersonation Protect - Custom Dictionaries

Updated August 13, 2025 06:23

This article contains information on creating a custom threat dictionary, including specifying words/phrases to scan, setting activation scores, and configuring scan options for email headers, subjects, and bodies to identify potential threats.

With a custom threat dictionary, you can specify the word/phrase to look for and where to look for it (e.g., header, subject, or body).

To create a custom threat dictionary:

Open the Definition to which you want to create the Custom Threat Dictionary.
Click on the Targeted Threat Dictionary definition option (if not selected by default).
Click on the Lookup button to the right of the "Custom Threat Dictionary" field.
Click on the New Custom Dictionary button.
Complete the Custom Dictionary Options dialog:

Field / Option	Description
Description	Enter a description that enables you to identify the dictionary.
Activation Score	Specify a value that is used in conjunction with the *Word/Phrase Match List* field to determine if a threat is valid.
Scan Subject Line	Select one or all of these options to scan a message's subject, header, or body for the content specified in the *Word/Phrase Match List* field.
Scan Message Header
Scan Message Body
Word / Phrase Match List	Specify a list of words, phrases, or regular expressions, preceded by a numerical weighting value. Multiple entries must be specified on separate lines. Messages are searched for the entries in the match list (in the components specified). If they are found, the individual weighting values are totaled, and if this value equals or exceeds the *Activation Score* value, a threat has been found. Example entries include: 2 "urgent" 2 "company confidential" 1 regex \bpayment(s)?\b A maximum of 500 lines can be added.

Click on the Save and Exit button. The dictionary is now available to select.

Targeted Threat Protection - Impersonation Protect - Custom Dictionaries

See Also...

Related to

Comments