Environment
GWAVA (Secure Messaging Gateway)
Situation
A lot of spam is getting through from domains that end in four or more digits, for example spam@somedomain.science. What is a good filter to block these?
Resolution
To block domains ending in four or more characters, a regex can be used to block these. Do the following:
1) Go under Organization / Policy management | Policy scan configuration | Inbound mail filter policy. On the Filters tab drag down 'email address' to the policy workbench.If you have an existing one, this can be used as well.
2) Click on the edit icon for this email address node:and add the following regex string:
/.*\.[^.]{4,}/Make sure there are not spaces before or after, as this will make it not work correctly.3) Click ok.4) Link the email address node to the block service, by dragging the orange dot on the right side to the 'block' node. It can also be linked with the 'quarantine' service, if these need to be quarantined.
5) Save changes.
Now messages where the domain ends with more than four characters will be blocked.