SaaS

DCI / Gateway

What does this solution describe?

How to apply a spam score to a Top Level Domain (TLD) so that mail from it is quarantined, instead of configuring a full TLD block (550).


What is the solution?

Use a Pattern Filter to quarantine TLDs in Filter Rules > Pattern Filtering. Select an option and follow the steps below.


Option 1 - You want to create a Pattern Filter that will quarantine mail from any Top Level Domain (TLD) except the ones specified in the pattern filter:

  • Go to Filter Rules > Pattern Filtering and click Add.

  • Complete the fields as follows:

    • Filter Expression: select matches regular expression

    • Value: Enter the following, replacing TLD with the sender TLD: either com, gov, net, org or edu.

      (.+\@)(?!(.+\.TLD(?!\.)\b))

  • Check Apply to Headers and enter EnvelopeFrom in the text box.

  • Rule Type: select Soft Block.

  • Score: select 10 (or similar).

  • Click Save.


Option 2 - You want to create a Pattern Filter that will quarantine anything from specific Top Level Domains:

  • Go to Filter Rules > Pattern Filtering and click Add.

  • Complete the fields as follows:

    • Filter Expression: select matches regular expression

    • Value: Enter the following, replacing TLD with the sender TLD: either com, gov, net, org or edu.

      (.+\@).+\.TLD(?!\.)\b

  • Check Apply to Headers and enter EnvelopeFrom in the text box.

  • Rule Type: select Soft Block.

  • Score: select 10 (or similar).

  • Click Save.
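
The following is an added example, not part of the original article: a Python check of the Option 1 and Option 2 patterns against constructed EnvelopeFrom values, showing what the trailing (?!\.)\b guards against before the rule is saved. It assumes the gateway's regex engine treats these constructs the way Python's re module does and matches anywhere in the value without regard to case; the helper names are hypothetical.

```python
import re

# Patterns copied from Options 1 and 2; "TLD" is the article's placeholder.
OPTION1 = r"(.+\@)(?!(.+\.TLD(?!\.)\b))"  # fires on every sender TLD except TLD
OPTION2 = r"(.+\@).+\.TLD(?!\.)\b"        # fires only on sender TLD

# Constructed EnvelopeFrom values, including look-alike edge cases.
SAMPLES = [
    "alice@example.com",        # plain .com sender
    "carol@mail.example.COM",   # upper-case TLD
    "bob@example.xyz",          # different TLD
    "eve@example.com.ru",       # "com" is only a label, the real TLD is ru
    "dave@example.community",   # TLD merely starts with "com"
    "<frank@example.com>",      # angle-bracketed form
]


def build(template, tld):
    """Substitute the TLD placeholder and compile the pattern.

    Assumption: the gateway matches anywhere in the value, ignoring case.
    """
    return re.compile(template.replace("TLD", re.escape(tld)), re.IGNORECASE)


def fires(template, tld, envelope_from):
    """Return True if the filter would score this EnvelopeFrom value."""
    return build(template, tld).search(envelope_from) is not None


def report(tld):
    """Map each sample to (Option 1 fires, Option 2 fires) for one TLD."""
    return {s: (fires(OPTION1, tld, s), fires(OPTION2, tld, s)) for s in SAMPLES}


if __name__ == "__main__":
    for sender, (opt1, opt2) in report("com").items():
        print(f"{sender:28} option1={opt1!s:5} option2={opt2}")
```

With TLD set to com, Option 1 fires on example.com.ru and example.community as well as example.xyz, while Option 2 fires on none of them.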


Option 3 - You want to create a Pattern Filter that will block specific TLDs for a specific recipient:

  • Go to Filter Rules > Pattern Filtering and click Add.

  • Complete the fields as follows:

    • Filter Expression: select matches regular expression

    • Value: Enter the following, replacing ONLY the following:

      • USER-NAME: recipient user name.

      • DOMAIN: recipient domain (for subdomains, you can specify as user-name@subdomain.domain.com).

      • TLD: sender TLD, replace with either com, gov, net, org or edu.

      (((to:.*USER-NAME\@DOMAIN\.COM\b.*)(.*(\n|\r))*)(from:.*\@.*\.TLD(?!\.)\b.*)|(from:.*\@.*\.TLD(?!\.)\b *)(.*(\n|\r))*(to:.*USER-NAME\@DOMAIN\.COM\b.*))

  • Check Apply to Headers.

  • Rule Type: select Soft Block.

  • Score: select 10 (or similar).

  • Click Save.


Further Info

Unlike the TLD block under System Setup > Mail Relay > Sender Controls > Blocked Top Level Domains (TLDs), your allow-list entries will bypass these pattern blocks.