Suppose you have a situation where you have a group of internal users who should only be allowed to send mail to a few approved domains.
What do you do?
The answer is you create a policy rule with a regular expression.
However it is not straightforward fo write a suitable regex for this situation...
The first instinct is to write something that would match the allowed domains and then invert it... or use a Does Not Match clause...
For example the following regex would match a list of allowed domains:
(@yahoo\.com|@gmail\.com|@hotmail\.com)
So if you simply write a rule where Envelope Recipient does not match (@yahoo\.com|@gmail\.com|@hotmail\.com), you would think you should be all set, right? Wrong. This doesn't work.
So maybe sticking an exclamation character in front of the whole thing would help? After all exclamation means Not in the regex syntax. But unfortunately that doesn't work either.
I almost lost hope to find a solution when I went to regexpal.com and played with a few more regex combinations. I noticed that the following regex was actually highlighting the @ character Only in those email addresses that were Not among the listed domains. Bingo!!!
@(?!(yahoo.\com|hotmail.\com|gmail.\com))
I have finally found a regular expression that gave me a result when there was a "bogey" string present!
The (?! statement at the very beginning of the regex is a negative look ahead that does the whole trick.
So now I can use this condition in my policy rule:
When Envelope Recipient Matches Regular Expression @(?!(yahoo\.com|hotmail\.com|gmail\.com))
Action: Delete the Message and Send Notification
Of course I use different domains in my real policy.
It effectively allows people to send mail to only send mail to the recipient addresses that belong to the listed domains. If there is an address among the recipients that is not on the list, then the message is not sent.
One caveat - the message is not sent to any recipients. That's just how Brightmail works.