Adding Anti-Phishing Exceptions (Allow-List or Block-List Rule)

You can add Allow-List or Block-List rule from any of these:

  1. From the Anti-Phishing Exceptions
    1. Go to Security Settings > Exceptions > Anti-Phishing.
    2. In the drop-down from the top of the page, select the require exception type (Allow-List or Block-List).
    3. Under Filters, define the criteria for filtering the emails, and click Search.
    4. After refining the email criteria, click Create Allow-List Rule to create a allow-list rule or Create Block-List Rule to create a block-list rule.
    5. If required, enter a description for the rule in the Comment field and click OK.
  2. From the Mail Explorer (see Creating Allow-List and Block-List Rule)
  3. From the email profile page
    1. Open the required email profile.
    2. Under Security Stack, select Similar Emails / Create Rules.
    3. Under Filters, define the criteria for filtering the emails, and click Search.
    4. After refining the email criteria, click Create Allow-List Rule to create a allow-list rule or Create Block-List Rule to create a block-list rule.
    5. If required, enter a description for the rule in the Comment field and click OK.
      Note:

      If a phishing email is sent to multiple recipients, the system allow-lists it only if a rule applies to all recipients. If even one recipient does not have an allow-list rule, the system applies the phishing workflow to everyone.

Filters to refine the email criteria for Allow-List or Block-List

While refining the criteria for creating Allow-List or Block-List, you can use these filters.

Filter Name Description
Date Received

Events in the last year, month, week, day, or hour.

Also, using Range, you can choose to select the emails on a specific date and time.

Quarantine State

Select the events based on these quarantine states.

  • Quarantined

  • Non Quarantined

  • Display All

Recipients

Emails that contain a specific recipient or a recipient that match a specific term.

Subject

Emails that match a specific subject.

Sender Name

Emails from a specific sender.

Sender Domain

Emails from a specific domain.

Sender Email

Emails from a specific email address.

Client Sender IP

Emails from a specific client and IP address.

Server IP

Emails from a specific server IP address.

Supports the CIDR notation for IP ranges.

Examples:

  • Exact IP - 192.0.2.1

  • Subnet Mask - 192.0.2.0/24 or 10.0.0.0/8

Links in body

Emails that has links to external resources in the body of the email.

Attachments MD5

Emails that has attachments with specific MD5.

Headers

Emails that contain specified headers.

Note:

You can use the Headers field to create an Allow-List or Block-List, but you can not filter the emails based on headers.