Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
5
Helpful
2
Replies

using a content policy, but not for all-inbound-mails(domains)

peter-forum-21
Level 1
Level 1

‎03-13-2022 03:31 AM

Hello, 

 

the owner have  C195 and he have 4 email-domains.

Question:  Is it possible to enable the URL-Malware-demasking-rule only for inbound-company3.com and company4.com Mails?   Thx in advance!

 

company1.com

company2.com

company3.com

company4.com

Labels:
0 Helpful
2 Replies 2

Udupi Krishna.
Cisco Employee
Cisco Employee

‎03-13-2022 06:49 PM

I am assuming you are referring to URL-defang action?. If yes, absolutely. You can setup message or content filter. An easiest e.g. 

 

condition - recipient domain == "inbound-company3.com" OR "company4.com" then enforce URL defang based on the reputation score range selected. (refer to attached image)

 

 

Preview file
35 KB
0 Helpful

Ken Stieers
VIP
VIP

‎03-15-2022 09:16 AM

The right way to do it is to create a mail policy that applies to mail with the recipients of company 3 and company 4.  Then enable the content filter so it runs for these mails.

 

You can do it as a condition in the content filter, but then it will still affect mail that is addressed to people in multiple companies, even it it only applies to one of them (e.g. a mail to someone@company1.com and someone@company3.com will be defanged). 

 

If you create a mail policy then the mail is splintered, and only the copy to company3/4 get affected. 

 

Customers Also Viewed These Support Documents