03-29-2021 06:08 AM
In ESA I would like to have the following filter: scan for URLs in message body. If the URL contains specific word (or match regular expression) i.e. for word "company" it would match https?://example.company.test, https?://example-company.test. Then exclude URLs from "trusted" list i.e. *.company.com, *.company.net. So:
if (URL match regular expression) AND (URL does not match trusted list) then ...
I would prefer to avoid constructing negative lookahead (?!pattern) on message body.
Any hints?
03-29-2021 08:09 AM
03-29-2021 09:01 AM
In the Mail Policies->incoming content filters I can add a filter with condition either "URL category" or "URL reputation". That is not what I want. I want to match domain name from the URL to some patterns. If I could create patterns that would match domains phishing my "company name" then of course I want to exclude all known trusted "company name" sites.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide