Content Examination - Block Emails by Top Level Domain

Updated

This article describes how you can block Top Level Domains (TLD) for specific countries using a content examination definition. This should be read in conjunction with the Content Examination - Definitions and Content Examination Policy pages.

Overview

There are two ways to block emails sent from top-level domains. Both require you to use a regular expression but differ where this is placed in the definition. The options are the:

      • Applies From field in a policy
      • Word / Phrase Match List field in a definition

Using a Policy

To block top-level domains using a policy, configure it using the following values:

Field / Option Value
Addresses Based On The Return Address (Email Envelope From).
Applies From Individual Email Address.
Specifically Enter a regular expression with each undesirable top-level domain in brackets separated by a "|" character and sharing a key with the backslash '\'). For example: 
regex: \b.*@.*\.(ac|ba|ci|download|fo)\b

Using a Definition

To block top-level domains using a definition, configure it using the following values:

Field / Option Value
Definition Type Independent Content Definition.
Activation Score 1.
Fuzzy Hash Setting Do Not Use Fuzzy Hash Techniques.
Word / Phrase Match List Enter a regular expression with each top-level domain on a separate line. For example: 
1 regex (\.ac\>)
1 regex (\.ba\>) 
1 regex (\.ci\>)
1 regex (\.download\>)
1 regex (\.fo\>)
Scan Message Headers Selected.

This method has the advantage of making it easier to maintain the list of blocked top-level domains, as individual entries can be added or removed from the Word Phrase Match List field.

Related to

Was this article helpful?
0 out of 4 found this helpful

Comments

2 comments
Date Votes

Please sign in to leave a comment.