Merlin-Eng

asked on

Help needed with Transport Rule

Exchange 2007: Like most people, we are getting inundated with junk emails. I noticed that a good proportion of them are coming from email addresses from the top level domain ".date".

We never get genuine emails from .date domains, so I decided to do a transport rule to block them. I've tried two different ways so far, but neither of them has had any effect...

Firstly I tried a rule with 'When the From address contains specific words' box checked. And I put .date in the data.

Then I tried a rule with the 'When the From address contains text patterns' and I put .date in the data.

With both of them I specified an action to silently drop the message. These rules are not working. I suspect it is the .(dot) which is causing the problem. I cannot use "date" without the dot because some genuine emails will have "date" in another part of the email address.

Can I get this working?
Zaheer Iqbal

Do you have the content filter agent installed?

http://www.exchangeinbox.com/article.aspx?i=104
Can you check the email header and check it is actually coming from that domain?
lol #1
Are you sending and receiving mail straight through a firewall here?

Do you not have a middle man delivering and receiving email?

Block the mails here; you obviously have some big problems here if you are even receiving these.
Buy Mimecast, it will save your life.

You have to stop this stuff getting to your Exchange server, not blocking it from within the Exchange server; the war has already been lost at that point.
With all the CVEs documented these days, it is just too risky; cut the mail out using a known trusted sender like Mimecast. Mimecast in my opinion have better spam protection than Microsoft.

#1
Merlin-Eng

ASKER

Sorry for the delay in replying, I've been out all day.

@Zaheer Iqbal: yes the content filter is installed (I think it is installed as standard). No, the emails are not coming from the domains specified in the from address. I have been analysing the emails. They are using a different block of IP addresses, and different .date domains every day. I don't see what purpose a catch-all mailbox would serve here.

@Mark Bill: Yes we are sending and receiving straight through the firewall. I know we would be better protected with something like Mimecast, but we aren't currently doing it.

None of the replies so far have commented on my original problem. Shouldn't it be possible to create a transport rule to block an entire top level domain?
ASKER CERTIFIED SOLUTION
FOX

This solution is only available to members.
@Fox: That was what I was looking for. I needed the wildcard character in front of my .date text pattern. Thank you so much.
Ye, sending email straight over the internet is madness; a middle man must be used in my opinion.
Best of luck.