Nearby Domain Rule

Updated 6 months ago by admin

This Rule compared domains in the email header to your configured domains. It will trigger when domains in the header are very similar to (but not identical to) your configured domains. For example, a spam email delivered to clouduss.com may contain headers from clouduus.com.

You can use this Rule to catch spam emailed that are designed to appear on casual inspection as if they originate from your domain.

To set up this Rule:

  1. Visit your USS Dashboard and click ProductsE-mail SecurityMessage Rules.
  2. Click to create a new Rule.
  3. Give the Rule a sensible name, like "Nearby domains", and click .
  4. Add a Direction Condition, with the logic set to Matches: Inbound.
  5. Add a Nearby Domains Condition, with the logic set to Less Than: 3.
You can configure values between 1 and 10, but we recommend using 3 as a starting point, and monitoring the Rule to see if the value needs increasing or decreasing. The exact value to use depends on your domain: a 3-character domain such as xyz.com would need to be configured with a lower value than a longer domain such as loremipsum.com.
  1. Add an Add to Spam Score Action. Set the value to 108. This will digest the message, should other Rules not detect it.
  2. Do not add a Final Action.
  3. Make sure that the Active checkbox is enabled.
  4. Click .
  5. Drag the new Rule to a sensible place in your Message Rules list. If your Service Provider has configured a set of sensible default Rules, placing this new Rule above the Confirmed Phishing Rule is a good choice.

The completed Rule should look like this:


How did we do?