Emails Getting Through Mimecast With Employee Names in the Subject Line

Emails with executive or other employee names as the subject line have been getting through Mimecast filtering for impersonation, spam, and all other policies, ultimately arriving in the users inbox. These are phishing emails that sometimes do not meet the criteria for any security policy.

In our experience it’s overwhelming true that any email which contains only a name in the subject line, especially that of an executive or decision maker of your organization is not a desirable email. At this time we currently see these coming from Gmail most often.

Solution: Our solution at this time ( outside of upgrading offerings from Mimecast ) is a simple regex based content examination policy. This policy simply looks for subjects that ONLY contain a name and nothing else and places it on a hold.

Here is a shot of what this looks like:

 You will simply take your VIP list of names and place them within this regex using this format. It’s advisable to audit first ( using smart tags or notifications ) to test policies before setting the action to hold. Here is a copyable version of the regex: 1 regex ^\s*John Smith\s*$

 We have many more very useful regex to solve your issues. Give us a call or email and we are happy to help.