Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
1
Helpful
2
Replies

Quarantine emails which url contains recipient's email address

Giorgi007
Level 1
Level 1

‎12-16-2024 03:16 AM

Hello,

I'm facing the following issue:

I need to quarantine emails which URL contains recipients whole email address.

For example if email contains such url: `https://malicious-url.com/page.php#giorgim@ab.ge`
and the recipient is "giorgim@ab.ge"
quarantine this email.

I guess I need to write a message filter, not a content filter, but I don't know how.

Any help will be much appreciated. Thanks in advance.



 

Labels:
0 Helpful
2 Replies 2

Giorgi007
Level 1
Level 1

‎12-23-2024 12:21 AM

Hi team, any help?

0 Helpful

Ken Stieers
VIP
VIP
In response to Giorgi007

‎12-26-2024 01:21 PM

So, I've taken a couple of stabs at this, and I think the closest you'll get is a content filter with a regex that looks for a URL that has "@yourdomain" in it.
The issue is that for both content filters and message filters, you can't use the variables that you can use for actions.
Content filter conditions are processed in order, so to minimize how many messages get the full regex scan run across them you could have the first condition in the filter be a URL reputation check for low reputation, and then the regex against the message body and set it for all conditions must match. That way, if it's a high reputation, you don't scan the email for the regex.

Customers Also Viewed These Support Documents