Blocking emails from hacked Gmail accounts
Some Gmail accounts - either legitimate accounts that have been hacked, or spam accounts created for malicious purposes - will send emails with little or no content. For example, an email with a subject line of "hi" and no body text. Since these emails have very little content to analyse, it can be difficult to immediately determine if the email is legitimate or not.
EMS can detect these types of emails, and automatically block or quarantine them. Here's how to set it up.
- Visit your USS Dashboard and click Products ⟶ E-mail Security ⟶ Custom Rule Data.
- Click to create new Rule Data. Give it a sensible name such as "Gmail domains".
- In the Value field, enter
- Click to create a new RegEx. Call it "Gmail spam".
- In the value field, enter
- Click Message Rules, then click to add a new Rule. Call it "Quarantine Gmail spam".
- Add a Direction Condition. Set the logic to Matches: Inbound.
- Add an Email size Condition. Set the logic to Less Than: 4kb.
- Add a Sender Condition. Set the logic to Matches: Gmail domains (or whatever name you gave the Rule Data in Step 2).
- Add a Subject Condition. Set the logic to Matches: Gmail spam (or whatever name you gave the RegEx in Step 4).
- Add a Quarantine Final Action. Set the value to Spam.
- Click and drag the new Rule to a sensible position in your Message Rules list. If your Service Provider has created a set of sensible default Rules, positioning this new Rule above the Confirmed Spam Rule is a good choice.
The full Rule should look like this: