Configuring a Content Filtering Rule

You can create content filtering rules to evaluate inbound and outbound email messages based on the following scanning conditions:

  • Attachment file types, file names, file size, or the number of attachments

  • Content in email headers, body, or attachments

  • Sender authentication results

  1. Go to Policies > Policy Management.
  2. Click the Content Filtering Rules tab.
  3. Do one of the following:

    • Click Add to create a new rule.

    • Click a rule name to change the settings.

  4. Type a rule name.
  5. Configure the scanning conditions.
    1. Under Attachment, specify the criteria for attachments.

      For more information, see Scanning Conditions for Attachments.

    2. Under Content, specify one or more keywords or expressions to match in messages.

      For more information, see Adding Keyword Lists or Expressions.

    3. Under Sender Authentication Results, select one or more sender authentication protocols; then, select one or more authentication results from the drop-down list.
      Note:

      • For sender authentication result settings in content filtering rules to take effect, go to Administration > Sender Filtering/Authentication and click the tab for the authentication protocol (SPF, DKIM Authentication, or DMARC). Then, enable the authentication protocol and select Insert X-Header into email messages.

      • Deep Discovery Email Inspector matches an email message if an authentication result for each selected sender authentication protocol is matched.

    4. (Optional) Select Apply rule if sender address does not match message header (From) to apply the content filtering rule if the sender address and the address in the message header From field do not match.
      Note:

      This option is not applicable when Deep Discovery Email Inspector is operating in BCC mode.

  6. Specify the Action.

    For more information, see Policy Actions.

  7. (Optional) From the Send notification drop-down list, select a notification message to inform recipients about the applied policy action.
    Important:

    Deep Discovery Email Inspector only sends recipient notifications when you select Send notification and a notification message.

    You can configure notification messages on the Notifications screen (go to Policies > Policy Objects > Notifications).

    For more information, see Configuring Recipient Notification.

  8. Click Save.

    After adding a rule, you can:

    • Click a rule name to edit the rule settings.

    • Select a rule and click Delete to remove the selected rule.

Parent topic: Content Filtering Rules