The Email Security product provides a number of built-in dictionaries to assist organisations with Data Loss Prevention (DLP). The dictionaries are used to detect potentially high risk data egressing via email messages.
The DLP dictionaries consist of Regular Expressions and keywords.
The DLP dictionaries can be applied to Message Rules using any condition that supports dictionaries, such as the Body condition.
AWS Keys (RegEx)
Format: access keys contain two parts: an access key ID (such as
Pattern: either the key or the secret must be present
AWS Keys (Keywords)
Azure DocumentDB Auth Key (RegEx)
Format:The string "DocumentDb" followed by the characters and strings outlined in the pattern below.
Azure Publish Setting Password (RegEx)
Format:The string "userpwd=" followed by an alphanumeric string.
Azure Storage Account Key (RegEx)
Format:The string "DefaultEndpointsProtocol" followed by the characters and strings outlined in the pattern below, including the string "AccountKey".
Card Number (RegEx)
Format: 14 digits that can be formatted or unformatted (dddddddddddddd) and must pass the Luhn test.
Pattern: Very complex and robust pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.
Prefix from a valid card issuer and computes the Luhn checksum which every Credit Card Number must pass.
Card Number (Keywords)
Date of Birth (RegEx)
Format: a date represented in a known UK or US format
Pattern: must include a prefix "Date of birth:" or "Birthday:"
Date of Birth (Keywords)
Email Address (RegEx)
Format: has to have a prefix to the left of the @ symbol, @ symbol, and a domain appears to the right of the @ symbol. Additionally, a domain part needs to contain a dot, which has an additional 2-3 characters after that.
International Banking Account Number, IBAN (RegEx)
Format: Country code (two letters) plus check digits (two digits) plus bban number (up to 30 characters)
Pattern : must include all of the following:
b- National bank code
c- account number
s- branch code
x- national check digit
The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries: ad, ae, al, at, az, ba, be, bg, bh, ch, cr, cy, cz, de, dk, do, ee, es, fi, fo, fr, gb, ge, gi, gl, gr, hr, hu, ie, il, is, it, kw, kz, lb, li, lt, lu, lv, mc, md, me, mk, mr, mt, mu, nl, no, pl, pt, ro, rs, sa, se, si, sk, sm, tn, tr, vg
IP Address (RegEx)
IPv4: Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
IPv6: Complex pattern that accounts for formatted IPv6 numbers (which include colons)
Format: the password must contain at least one lowercase character, one uppercase character, one digit, one special character, and a length form 8 to 14.
Pattern: contain all of the following, but in no particular order:
SWIFT Code (RegEx)
Format: four letters followed by 5-31 letters or digits
Pattern: four letters followed by 5-31 letters or digits:
SWIFT Code (Keywords)
Example rule to detect Credit Card Numbers on outbound email and quarantine to a "DLP" area for review by the administrator: