About Rule Scanning Criteria

Rule scanning criteria allow you to specify the conditions that the rule applies to messages scanned by Hosted Email Security.

The available criteria are shown in a list in the center of the screen. Some of these criteria have links to screens where you specify the associated details.

Table 1. Basic Criteria


Filter Based on

Available in

No criteria

All messages

Inbound and outbound protection

Message contains

" malware or malicious code "

Detected malware, worms, and other threats by pattern-based scanning.

Inbound and outbound protection

Detected unknown threats by Predictive Machine Learning.

Inbound protection

Detected threats by the Advanced Threat Scan Engine.

Inbound protection

Message detected as

" Spam "

Detected spam.

Inbound and outbound protection

"Business Email Compromise (BEC)"

Detected BEC attacks.

Inbound protection

" Phishing and other suspicious content "

Detected phishing and other suspicious content.

Inbound and outbound protection

" Graymail "

Detected graymail messages.

Inbound protection

"Web reputation"

Detected URLs on the web or embedded in email messages that pose security risks.

Inbound and outbound protection

" Social engineering attack "

Detected social engineering attacks.

Inbound protection

Data Loss Prevention (DLP)

Message header fields and compliance templates

Detected DLP incidents

Outbound protection



Select Advanced to display the "Advanced" criteria.

" All Match "

" Any Match "

Specific attribute and content targets.

See Configuring Advanced Criteria.

Inbound and outbound protection