Home

EOL Transport rule to trap spam with these characteristics?

Calum Steen
Occasional Contributor

My users are being bombarded by spam which has some very specific characteristics. I'm desperate to create a transport rule which silently deletes emails which have this pattern

 

1) The sending domain is one of the webmail services like gmail.com, yahoo.com, yahoo.co.jp, outlook.com

2) The subject line is blank, 'Re:' or 'Fwd:' (sometimes in upper case)

3) The message body has some brief random text plus a hyperlink, often shortened to http://goo.gl or https://goo.gl

 

So far, all my attempts at rules which look for this combination of characteristics have failed :(

 

The way the message body is encoded is as follow, don't know if that confuses attempts to search?

 

<div dir="auto">Enquiry https://goo.gl/x1MCK7 <div dir="auto"><br></div><div dir="auto">Ramin Marjan</div></div><br><div class="gmail_quote"><div dir="ltr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Ramin Marjan</strong> <span dir="ltr">&lt;<a href="mailto:nraminnottingham@yahoo.co.uk">raminnottingham@yahoo.co.uk</a>&gt;</span><br>Date: Sunday, February 10, 2019 06:00:46 PM
1 Reply

The problem here is coming up with an exact match, which is where Regex is very useful. It might be a bit hard to grasp if you haven't dealt with regex previously, but here's a nice article with examples of what you can do with transport rules and regex: https://windowsserveressentials.com/2017/03/28/using-office-365-to-protect-your-email/

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
50 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
32 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Dev channel update to 80.0.355.1 is live
josh_bodner in Discussions on
67 Replies