Hi Joe,
Please refer,
-
Any email address mask that starts with a plus sign (+) keeps matching messages for inspection. If you add the sender filter +*@abc.com, all messages that are sent from anyone in the abc.com domain are inspected.
-
Any email address mask that starts with a minus sign (-) excludes matching messages from inspection. If you add the recipient filter *@xyz.com, all messages that are sent to anyone in the xyz.com domain are not inspected.
If you add an asterisk (*) to the end of the filter expression, any message not explicitly matching any of the filter masks is ignored. For example, if you add the sender filter +*@abc.com,*, all messages from anyone in the abc.com domain are inspected, but all other messages are ignored.
You can also include asterisk wildcards elsewhere in the address strings. The specific filter syntax depends on the protocol. For example, for email addresses you can use wildcards anywhere in the filter string as follows:
-
+*@symantec.com inspects all email to/from symantec.com.
-
+*.symantec.com inspects all email to/from any subdomains of symantec.com.
-
-*symantec.com excludes all email to/from any email address ending in symantec.com.