How to block encoded subjects

  • 7024826
  • 17-Sep-2020
  • 18-Sep-2020

Environment

GWAVA (Secure Messaging Gateway)

Situation

Subject filters are not catching spam with encoded subjects. How can messages with encoded subjects be blocked?

Resolution

To help block spam that has an encoded subject, the following filter can be set up.

Keep in mind that this may block some valid messages, such as messages from social media sites. It is recommended to have this filter quarantine the messages it blocks, in case this happens. If there is a false positive, an exception (whitelist entry) can be made for the sender.

To create this filter do the following:

1) Log in to the SMG system admin UI and go to Organization / Policy management | Policy scan configuration | Inbound Mail Filter Policy (or the name of the policy that handles inbound mail)

2) From the Filters tab, drag 'Message Text' to the deployment workbench below:



3) Click on Message Text to rename it. Rename it to something such as 'Encoded Subject Filter', so that it can easily be searched for in the Quarantine when looking for false positives.


4) Click on the icon on the left of this new filter node to edit it.

5) Check the box for 'Look in Message Header' and add the following string:

Subject: =?UTF-8?B?

6) Link this new filter node with the 'block' and 'quarantine' services by dragging the orange dot on the left side of the node to each service.


7) Create a whitelist node, in case whitelist entries are needed later on. Do this by:

a) Drag the yellow dot on the left side of the Encoded Subject Filter and let go in the white space. This will produce a list, under Templates choose 'email address'.


b) Click on 'email address' to rename this exceptions node to something like 'Encoded Subject Whitelist'


c) Click on the icon on the left to edit the exception node:

d) Check the box to 'Scan sender address'.

f) Add the email addresses of senders whose messages have an encoded subject here, to prevent them from getting blocked. If using a domain only, make sure to include the * wildcard in front, for example: *pinterest.com.


8) Save changes.

Now, messages with an encoded subject should get blocked. Make sure to watch for false positives in the quarantine and add them to the whitelist that was created.
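
To help review what the 'Encoded Subject Filter' quarantines, the following Python script (an added example, not part of the original article or of SMG) reads raw message headers, reports whether the Subject header contains the string from step 5, and decodes the subject and sender address so that whitelist entries can be decided. The sample messages are constructed, and the case-sensitive substring check is an assumption of this script, not a statement of how SMG compares the string.

```python
import base64
import re
from email.header import decode_header
from email.utils import parseaddr

FILTER_STRING = "Subject: =?UTF-8?B?"  # literal string entered in step 5

def header_line(raw, name):
    """Return the unfolded header line called `name`, or '' if absent."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]   # headers only
    unfolded = re.sub(r"\r?\n[ \t]+", " ", head)         # join folded lines
    for line in unfolded.splitlines():
        if line.lower().startswith(name.lower() + ":"):
            return line
    return ""

def decode_value(line):
    """Decode the RFC 2047 encoded-words in a header line's value to text."""
    value = line.split(":", 1)[1].strip() if line else ""
    out = []
    for data, charset in decode_header(value):
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:  # charset label Python does not know
                data = data.decode("ascii", errors="replace")
        out.append(data)
    return "".join(out)

def triage(raw):
    """Summarise one message for quarantine review."""
    subject = header_line(raw, "Subject")
    return {
        # Assumption: plain case-sensitive substring test, for illustration.
        "has_filter_string": FILTER_STRING in subject,
        "sender": parseaddr(decode_value(header_line(raw, "From")))[1],
        "subject": decode_value(subject),
    }

# Constructed sample messages (not real mail).
_word = "=?UTF-8?B?" + base64.b64encode("Neue Fotos für dich".encode()).decode() + "?="
SAMPLES = [
    f"From: Photos <notify@social.example>\r\nSubject: {_word}\r\n\r\nbody\r\n",
    "From: alice@example.com\r\nSubject: Meeting notes\r\n\r\nbody\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The "sender" value is what would go into the 'Encoded Subject Whitelist' if the decoded subject shows the message is legitimate.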