
Email Filter Examples


This section presents examples and hints that can be used as a starting point for an email filtering policy.

Note: The following example is an implementation of the verify sender option with filters. 

Generating Filters for an Organization

One of the best policies against dictionary attacks (a very common technique lately employed by many spammers) is to reject emails for non-existent users in a domain. However, defining 20 to 50 separate filters for each domain by hand, followed by a block rule (which should be placed last), soon becomes a tedious job. The ‘Create user filters for domain’ wizard helps you create many filters that share common traits. When clicked, it opens a pop-up window. Fill the ‘User list’ field with the list of users from your network, one per line (without @domain), enter the domain in the ‘Domain’ field (without @), and set the position where the first filter should be placed (all the other filters are placed in subsequent positions, shifting any previously defined filters). Tick the ‘Add a DROP rule’ checkbox if you want the drop rule defined automatically.

Figure 1. Running the wizard to generate email filtering rules for users in a domain

For a list of three users (foo, bar and baz) from example.com, starting at position 1 and with the block rule option enabled, the wizard produces the following output:

  • filter 1, receiver ^foo@example.com$ , target ACCEPT
  • filter 2, receiver ^bar@example.com$ , target ACCEPT
  • filter 3, receiver ^baz@example.com$ , target ACCEPT
  • filter 4, receiver ^.*@example.com$ , target BLOCK

Warning: this wizard adds these rules only for the SMTP protocol, because they only make sense there: their purpose is to prevent others from trying to send spam to non-existent mailboxes.

Figure 2. Email filtering rules after running the wizard
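The rule set above and the reason the block rule must come last, as an added Python sketch (not the product's own code). It assumes rules are evaluated in position order with the first match deciding, and uses Python's re module as a stand-in for the product's regex engine; generate_filters, with_block_first and evaluate are hypothetical names.

```python
import re

def generate_filters(users, domain, start=1, add_drop_rule=True):
    """Build (position, receiver_regex, target) rules in the form the wizard output shows."""
    rules = [(start + i, f"^{user}@{domain}$", "ACCEPT")
             for i, user in enumerate(users)]
    if add_drop_rule:
        # Catch-all for the domain, placed after every per-user ACCEPT rule.
        rules.append((start + len(users), f"^.*@{domain}$", "BLOCK"))
    return rules

def with_block_first(rules):
    """Same rules, deliberately misordered: BLOCK rules moved ahead of ACCEPT rules."""
    ordered = sorted(rules, key=lambda r: r[2] != "BLOCK")  # stable sort, BLOCK first
    start = min(r[0] for r in rules)
    return [(start + i, pat, tgt) for i, (_pos, pat, tgt) in enumerate(ordered)]

def evaluate(rules, receiver):
    """Assumed semantics: the lowest-position rule whose regex matches decides."""
    for _pos, pattern, target in sorted(rules):
        if re.search(pattern, receiver):
            return target
    return None  # no rule matched; what the proxy does next is outside this sketch

if __name__ == "__main__":
    rules = generate_filters(["foo", "bar", "baz"], "example.com")
    for pos, pattern, target in rules:
        print(f"filter {pos}, receiver {pattern} , target {target}")

    # Constructed sample recipients: one real mailbox, one dictionary-attack guess,
    # one address in a domain the rules do not cover.
    for rcpt in ["foo@example.com", "admin@example.com", "someone@example.org"]:
        print(rcpt, "->", evaluate(rules, rcpt),
              "| block rule first ->", evaluate(with_block_first(rules), rcpt))
```

With the block rule first, even foo@example.com is blocked, because the catch-all matches before the per-user accept rule is reached.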

Why Not Block Everything?

It might be tempting to place a block-all (^.*) filter at the end of your filter set on the SMTP protocol. But this is a double-edged sword, because it will prevent YOUR emails (which pass through the SMTP proxy) from passing through the filter on their way out. That is, unless you carefully craft accept rules with ‘Sender’ set to each of the users from your domain, a kind of reverse of what you did in the previous section. It is also an unnecessary measure, as the SMTP proxy won’t accept emails for domains other than those it was instructed to receive mail for.

Using MIME Types

Using MIME types can be useful for rejecting different categories of emails. If your company policy doesn’t allow applications to be sent by email, it makes sense to reject the MIME type application/octet-stream by inserting a regular expression like ^.*application.*$ in the ‘MIME type’ field of the filter. Note that this pattern matches every MIME type that contains the string application, not only application/octet-stream. A list of MIME types can be found here: http://www.iana.org/assignments/media-types/.