Pattern Filter: To Block/Allow a Top Level Domain (TLD) : SpamTitan Help Center

SaaS

DCI / Gateway

What does this solution describe?

How to apply a spam score to a Top Level Domain (TLD) so that it is quarantined instead of configuring a full TLD block (550).

What is the solution?

Use a Pattern Filter to quarantine TLDs in Filter Rules > Pattern Filtering. Select an option and follow the steps below.

Option 1 - You want to create a Pattern Filter that will quarantine any Top Level Domains (TLDs) except ones specified in the pattern filter:

Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
- Filter Expression: select matches regular expression
- Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

(.+\@)(?!(.+\.TLD(?!\.)\b))

Check Apply to Headers and enter EnvelopeFrom in the text box.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.

Option 2 - You want to create a Pattern Filter that will quarantine anything from specific Top Level Domains:

Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
- Filter Expression: select matches regular expression
- Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

(.+\@).+\.TLD(?!\.)\b

Check Apply to Headers and enter EnvelopeFrom in the text box.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.

Option 3 - You want to create a Pattern Filter that will block specific TLDs, to a specific user:

Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
- Filter Expression: select matches regular expression
- Value: Enter the following, replacing ONLY the following:
  - USER-NAME recipient user name.
  - DOMAIN recipient domain (for subdomains, you can specify as
    user-name@subdomain.domain.com)
  - TLD sender TLD, replace with either com, gov, net, org or edu.

(((to:.*USER-NAME\@DOMAIN\.COM\b.*)(.*(\n|\r))*)(from:.*\@.*\TLD(?!\.)\b.*)|(from:.*\@.*\.TLD(?!\.)\b *)(.*(\n|\r))*(to:.*USER-NAME\@DOMAIN\.COM\b.*))

Check Apply to Headers.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.

Further Info

Unlike the TLD block under System Setup > Mail Relay > Sender Controls > Blocked Top Level Domains (TLDs), your allow-list entries will bypass these pattern blocks.

Pattern Filter: To Block/Allow a Top Level Domain (TLD) Print

What does this solution describe?

What is the solution?

Option 1 - You want to create a Pattern Filter that will quarantine any Top Level Domains (TLDs) except ones specified in the pattern filter:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

Check Apply to Headers and enter EnvelopeFrom in the text box.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Option 2 - You want to create a Pattern Filter that will quarantine anything from specific Top Level Domains:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

Check Apply to Headers and enter EnvelopeFrom in the text box.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Option 3 - You want to create a Pattern Filter that will block specific TLDs, to a specific user:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing ONLY the following:

USER-NAME recipient user name.

DOMAIN recipient domain (for subdomains, you can specify as

TLD sender TLD, replace with either com, gov, net, org or edu.

Check Apply to Headers.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Further Info

Pattern Filter: To Block/Allow a Top Level Domain (TLD) Print

What does this solution describe?

What is the solution?

Option 1 - You want to create a Pattern Filter that will quarantine any Top Level Domains (TLDs) except ones specified in the pattern filter:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

Check Apply to Headers and enter EnvelopeFrom in the text box.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Option 2 - You want to create a Pattern Filter that will quarantine anything from specific Top Level Domains:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.

Check Apply to Headers and enter EnvelopeFrom in the text box.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Option 3 - You want to create a Pattern Filter that will block specific TLDs, to a specific user:

Go to Filter Rules > Pattern Filtering and click Add.

Complete the fields as follows:

Filter Expression: select matches regular expression

Value: Enter the following, replacing ONLY the following:

USER-NAME recipient user name.

DOMAIN recipient domain (for subdomains, you can specify as

TLD sender TLD, replace with either com, gov, net, org or edu.

Check Apply to Headers.

Rule Type: select Soft Block.

Score: select 10 (or similar).

Click Save.

Further Info

Related Articles