What is the issue?

How to apply a spam score to a Top Level Domain (TLD) so that it is quarantined instead of configuring a full TLD block (550).

What is the solution?

Use a Pattern Filter to quarantine TLDs in Filter Rules > Pattern Filtering. Select an option and follow the steps below.

Option 1

You want to create a Pattern Filter that quarantines any Top Level Domains (TLDs) except ones specified in the pattern filter:

  1. Go to Filter Rules > Pattern Filtering and click Add.

  2. Complete the fields as follows:

    • Filter Expression: Select matches regular expression.

    • Value: Enter the following, replacing sender TLD with com, gov, net, org or edu.

      (.+\@)(?!(.+\.TLD(?!\.)\b))

    • Check Apply to Headers and enter EnvelopeFrom in the text box.

    • Rule Type: Select Soft Block.

    • Score: Select 10 (or similar).

  3. Click Save.

Option 2

You want to create a Pattern Filter that quarantines anything from specific Top Level Domains:

  1. Go to Filter Rules > Pattern Filtering and click Add.

  2. Complete the fields as follows:

    • Filter Expression: Select matches regular expression.

    • Value: Enter the following, replacing sender TLD with com, gov, net, org or edu.

      (.+\@).+\.TLD(?!\.)\b

    • Check Apply to Headers and enter EnvelopeFrom in the text box.

    • Rule Type: Select Soft Block.

    • Score: Select 10 (or similar).

  3. Click Save.

Option 3

You want to create a Pattern Filter that blocks specific TLDs to a specific user:

  1. Go to Filter Rules > Pattern Filtering and click Add.

  2. Complete the fields as follows:

    • Filter Expression: Select matches regular expression.

    • Value: Enter the following, replacing ONLY the following:

      • USER-NAME recipient user name.

      • DOMAIN recipient domain (for subdomains, you can specify as user-name@subdomain.domain.com)

      • TLD sender TLD, replace with either com, gov, net, org or edu.

        (((to:.*USER-NAME\@DOMAIN\.COM\b.*)(.*(\n|\r))*)(from:.*\@.*\TLD(?!\.)\b.*)|(from:.*\@.*\.TLD(?!\.)\b *)(.*(\n|\r))*(to:.*USER-NAME\@DOMAIN\.COM\b.*))

      • Check Apply to Headers.

      • Rule Type: Select Soft Block.

      • Score: Select 10 (or similar).

  3. Click Save.

Further Info

Unlike the TLD block under System Setup > Mail Relay > Sender Controls > Blocked Top Level Domains (TLDs), your allow-list entries will bypass these pattern blocks.

For more documentation, see Pattern Filtering.