![]() | SaaS | ![]() | DCI / Gateway | ![]() |
What does this solution describe?
How to apply a spam score to a Top Level Domain (TLD) so that it is quarantined instead of configuring a full TLD block (550).
What is the solution?
Use a Pattern Filter to quarantine TLDs in Filter Rules > Pattern Filtering. Select an option and follow the steps below.
Option 1 - You want to create a Pattern Filter that will quarantine any Top Level Domains (TLDs) except ones specified in the pattern filter:
Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
Filter Expression: select matches regular expression
Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.
(.+\@)(?!(.+\.TLD(?!\.)\b))
Check Apply to Headers and enter EnvelopeFrom in the text box.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.
Option 2 - You want to create a Pattern Filter that will quarantine anything from specific Top Level Domains:
Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
Filter Expression: select matches regular expression
Value: Enter the following, replacing sender TLD with either com, gov, net, org or edu.
(.+\@).+\.TLD(?!\.)\b
Check Apply to Headers and enter EnvelopeFrom in the text box.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.

Option 3 - You want to create a Pattern Filter that will block specific TLDs, to a specific user:
Go to Filter Rules > Pattern Filtering and click Add.
Complete the fields as follows:
Filter Expression: select matches regular expression
Value: Enter the following, replacing ONLY the following:
USER-NAME recipient user name.
DOMAIN recipient domain (for subdomains, you can specify as
user-name@subdomain.domain.com)
TLD sender TLD, replace with either com, gov, net, org or edu.
(((to:.*USER-NAME\@DOMAIN\.COM\b.*)(.*(\n|\r))*)(from:.*\@.*\TLD(?!\.)\b.*)|(from:.*\@.*\.TLD(?!\.)\b *)(.*(\n|\r))*(to:.*USER-NAME\@DOMAIN\.COM\b.*))
Check Apply to Headers.
Rule Type: select Soft Block.
Score: select 10 (or similar).
Click Save.
Further Info
Unlike the TLD block under System Setup > Mail Relay > Sender Controls > Blocked Top Level Domains (TLDs), your allow-list entries will bypass these pattern blocks.