
Blocking outbound mail not my domain(s)

Created: 18 Oct 2012 | 3 comments

We have multiple TLDs sending outbound mail to the internet. We have some developers that don't understand mail / SPF / DKIM / DMARC and send mail as user@someother.domain.com instead of one of our domains.

I think a content policy is the correct place for this.

Let's say I have domain1.com, domain2.com. I'd like to block any mail where the FROM is NOT one of

user@domain1.com

user@host.domain1.com

user@domain2.com

user@host.domain2.com

Would this work? Is there a better way (Regular expression? Domain1 and Domain2 are very different)

Conditions:
Apply to : Outbound Messages
Which of the following must be met: All

   If text in From: Address part of the message does not end with "@domain1.com"
   If text in From: Address part of the message does not end with ".domain1.com"
   If text in From: Address part of the message does not end with "@domain2.com"
   If text in From: Address part of the message does not end with ".domain2.com"

Actions

   I'd start with add a header, then move to quarantine, and finally delete.
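
The rule logic described above, modeled in Python as an added example (not part of the original post and not Symantec's code). It shows why the match mode has to be "All" rather than "Any", and gives a regular-expression equivalent; the function names, sample addresses and case-insensitive comparison are assumptions of this example.

```python
import re
from email.utils import parseaddr

# Placeholder domains taken from the post.
ALLOWED_DOMAINS = ("domain1.com", "domain2.com")

# The four suffixes from the post: "@domain1.com", ".domain1.com", ...
SUFFIXES = [prefix + d for d in ALLOWED_DOMAINS for prefix in ("@", ".")]


def from_address(from_header: str) -> str:
    """Address part of a From: header, lower-cased (assumed case-insensitive)."""
    return parseaddr(from_header)[1].lower()


def rule_triggers(from_header: str, match=all) -> bool:
    """True when the policy would act on the message.

    match=all models "Which of the following must be met: All".
    match=any models the misconfiguration "Any".
    """
    addr = from_address(from_header)
    return match(not addr.endswith(s) for s in SUFFIXES)


# Single-expression alternative: an optional chain of host labels followed
# by one of the allowed domains, anchored by fullmatch().
ALLOWED_RE = re.compile(
    r"[^@\s]+@(?:[a-z0-9-]+\.)*(?:%s)"
    % "|".join(re.escape(d) for d in ALLOWED_DOMAINS)
)


def regex_triggers(from_header: str) -> bool:
    """True when the From: address is not in an allowed domain or subdomain."""
    return ALLOWED_RE.fullmatch(from_address(from_header)) is None


if __name__ == "__main__":
    samples = [  # constructed sample headers
        "user@domain1.com",
        '"Dev Team" <user@host.domain2.com>',
        "user@someother.domain.com",
        "user@notdomain1.com",           # look-alike, caught by the "@"/"." prefix
        "user@domain1.com.example.net",  # allowed name used as a sub-label
    ]
    for s in samples:
        print(f"{s!r:40} all={rule_triggers(s)} any={rule_triggers(s, any)} "
              f"regex={regex_triggers(s)}")
```

With "Any" selected, every message triggers the rule, because no address can end with all four suffixes at once.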


TSE-JDavis

That sounds like it should work. Is this 9.5 or 10.0?

Cricket17

9.5, but next week it will be 10.x. Is there a better way in v10?

TSE-JDavis

The reason I ask is that 10 has some extra options for Content Filtering, such as stopping rule processing if that rule is triggered. This would be useful for this rule to keep it from wasting any more resources on this message.