
Whitelist Rules


Overview

A Whitelist rule consists of the following elements:

Rule Name - Providing a relevant name helps to manage multiple rules
Search Criteria - Any number of field-value pairs to match

 

Each rule can have multiple sets of field-value pairs. The Field element represents a specific field in the header of an email message (see the example message header below). Each line in the Rule Search Criteria list represents a discrete test. Multiple search criteria are combined using the logical operator AND, so for a rule with 2 search criteria, a message has to match criteria 1 AND criteria 2 to pass (and be whitelisted). As you add more search criteria to a rule, you make the rule more restrictive. This allows you to better isolate and differentiate the 'good' messages from the rest of the spam.

 

 

Matching Multiple Search Values

 

Within each Field's Search Value you can specify multiple items by using double pipe characters ( || ) between each search element.  The Whitelist processor will interpret || as the logical operator OR and will match any of the listed elements. You can have as many different elements as will fit within 600 characters (including spaces and ||'s). NOTE: single pipe ( | ) characters will be matched literally.

 

 

Wildcard Characters

There are no wildcard characters used in search values and * or ? will be matched literally.  If you wanted to match john@yourdomain.com and alison@yourdomain.com (or any user) you can specify @yourdomain.com and both will match. If you wanted to match john@ or alison@ but not robert@, you would create a rule using john@yourdomain.com || alison@yourdomain.com. If you wanted to match john@ AND alison@ but NOT robert@, you would create a test for john and alison to match them specifically within the same message. (See Examples below)

 

 

Excluding Match Criteria

 

You can use the special operator != at the beginning of a Search Value to represent the logical operator NOT EQUAL. It can only be used when a rule has more than one Search Criteria and should be used with care. The above example would evaluate as: Match if the To: header field contains john@yourdomain.com AND the From: field is NOT EQUAL to (does not contain) john@yourdomain.com.

 

 

Using the <Any> Field option

 

Use the <Any> field with care. As more of each message has to be scanned, it will increase the workload of the Whitelist Service (and your server).  When you use <Any>, you are not linking your search value to a particular header field, which will increase the chances of releasing a spam message by mistake.

 

 

Rule/Criteria Enable

You can choose to enable or disable Rules, and individual Criteria Tests in each rule, as required. Rules or search criteria that are not enabled, or that are blank in the Whitelist Rule Editor, are ignored.

 

 

Best Practice Rule Strategy

Limit the Search Value text in the rule criteria to the minimum required text to identify a match. If attempting to match an email address, only include the actual address and don't include the 'Friendly Name' part of the address.
Best performance is achieved by creating the fewest possible rules with the fewest possible tests per rule.
You may find that you could combine many of your rules together. If you had 3 rules testing for senders john@domain.com, sue@domain.com and info@domain.com, you could combine these into 1 rule of @domain.com.
Avoid using <Any> if possible.

 

 

Example Message Header

Received: from yourcustomer.com ([153.40.41.5]) by yourdomain.com with Microsoft SMTPSVC(6.1.3790.3959);
     Sun, 5 Aug 2009 16:33:33 +0100
From: "Susan Smith" <susan@yourcustomer.com>
Reply-To: "Sales" <sales@yourcustomer.com>
Organization: Big Company Ltd
Message-ID: <1237675741.3772294604@yourcustomer.com>
Date: Sun, 5 Aug 2009 10:49:56 -0500
To: <john@yourdomain.com>
Subject: RE: New contact details
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="koi8-r";
    reply-type=original
Return-Path: sales@yourcustomer.com
X-OriginalArrivalTime: 05 Aug 2009 15:33:34.0302 (UTC) FILETIME=[FC0A2FE0:01C7D775]

 

 

Example Rules and their results (using the above sample message)

 

Rule     Search Criteria                                              Results
         Field           Search Value                                 Test        Rule

Rule 1   From:           yourcustomer.com                             Match       Pass
         Reply-To:       sales                                        Match

Rule 2   From:           yourcustomer.com                             Match       Fail
         To:             robert@yourdomain.com                        No Match

Rule 3   <Any>           koi8-r                                       Match       Pass

Rule 4   Organization:   Small Company Ltd                            No Match    Fail
         <Any>           sales@yourcustomer.com                       Match

Rule 5   From:           yourcustomer.com                             Match       Fail
         To:             alison@yourdomain.com                        No Match

Rule 6   Return Path:    @yourcustomer.com || @anothercustomer.com    Match       Pass

Rule 7   To:             Frank || Sue || Info || WebSales             No Match    Fail
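
The matching rules described on this page, written out as an added Python example (not the product's own code) and run against the sample header above. Case-insensitive matching, trimming of whitespace around ||, scanning only the header text for <Any>, and rejecting a rule whose only test is a != exclusion are assumptions; the function names are hypothetical.

```python
from email import message_from_string

# Abbreviated copy of this page's sample header (folded lines kept).
SAMPLE = """Received: from yourcustomer.com ([153.40.41.5]) by yourdomain.com with Microsoft SMTPSVC(6.1.3790.3959);
     Sun, 5 Aug 2009 16:33:33 +0100
From: "Susan Smith" <susan@yourcustomer.com>
Reply-To: "Sales" <sales@yourcustomer.com>
Organization: Big Company Ltd
To: <john@yourdomain.com>
Content-Type: text/plain;
    format=flowed;
    charset="koi8-r";
    reply-type=original
Return-Path: sales@yourcustomer.com
"""

def criterion_matches(msg, raw_header, field, value):
    """One test: substring match, '||' means OR, leading '!=' means NOT."""
    value = value.strip()
    negate = value.startswith("!=")
    value = value[2:] if negate else value
    # Split on the double pipe only; '|', '*' and '?' stay literal text.
    # Assumption: case-insensitive, whitespace around '||' is ignored.
    wanted = [v.strip().lower() for v in value.split("||") if v.strip()]
    if field == "<Any>":
        haystack = raw_header.lower()  # not tied to one field, so broader
    else:
        haystack = " ".join(msg.get_all(field.rstrip(":"), [])).lower()
    return any(w in haystack for w in wanted) != negate

def rule_passes(raw_header, criteria):
    """criteria: (field, search_value, enabled) tuples, combined with AND."""
    msg = message_from_string(raw_header)
    active = [(f, v) for f, v, on in criteria if on and v.strip()]
    # Assumption: a rule with no active tests, or whose only test is a
    # '!=' exclusion, whitelists nothing (it would match almost all mail).
    if not active or (len(active) == 1 and active[0][1].strip().startswith("!=")):
        return False
    return all(criterion_matches(msg, raw_header, f, v) for f, v in active)

if __name__ == "__main__":
    rules = {
        "Rule 1": [("From:", "yourcustomer.com", True), ("Reply-To:", "sales", True)],
        "Rule 4": [("Organization:", "Small Company Ltd", True),
                   ("<Any>", "sales@yourcustomer.com", True)],
    }
    for name, criteria in rules.items():
        print(name, "Pass" if rule_passes(SAMPLE, criteria) else "Fail")
```

A search value matches anywhere in the field, so @yourcustomer.com also matches user@yourcustomer.com.example (a constructed address); pairing it with a second criterion narrows the rule.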