Symantec Mail Security for Exchange (7.5) - Block PHP Links Unless Whitelisted / Hold Mail and allow to be released

Is it possible to set up a spam filtering rule that will block all emails with PHP links in them unless the email address is whitelisted? Also, can any mail that is blocked be held and reviewed and either deleted/released periodically?
street9009Asked:
Who is Participating?
 
btanExec ConsultantCommented:
From the below, it may fall in the "If a message contains suspicious URL content" condition but this does not necessary block all PHP links. in fact, i tend to miss the use case why the need for blocking all PHP as some may be legitimate link too. It may be better for the SPAM engine to score that URL and state the action. The whitelist can still applies as required.
http://www.symantec.com/business/support/index?page=content&id=HOWTO53444#v11832917

There is also mention of content filter to handle spoofed url below besides just suspicious URL check
http://www.symantec.com/connect/forums/spoofing-urls-not-blocked

If there are really missed SPAM messages that bypass the check as false negative then you can also consider "customer-specific spam submissions" whereby messages can be submitted to Symantec
http://www.symantec.com/business/support/index?page=content&id=HOWTO77718#v63987512

But do note the "How rules are created and why messages may not result in custom rules" on the check steps
http://www.symantec.com/business/support/index?page=content&id=HOWTO77736#v66562137
0
 
street9009Author Commented:
Thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.