When/How to Use Regex in a Mimecast Blocked Sender Policy

Blocked Sender Policy with regex is useful when you want to block or allow specific email addresses or domains based on patterns. Regex allows for flexible matching, making it ideal for scenarios where you would like to block all emails from a specific top-level domain/mailbox name or Allowing messages from a group of related subdomains/mailbox names.  Say you want to block all emails from subdomains of example.com. You can use the following regex pattern:

^.*@.*\.example\.com$

This pattern matches any address ending with @sub.example.com, @sub2.example.com, etc. Configure this regex in your Mimecast policy to effectively block these senders. Always be aware that these entries should be thoroughly tested before live implementation. Keep in mind that these will not work in profile groups and will have to have a completely new policy created using an Individual email address (your regex entry) as the from criteria.

 

Example of how to use regex in Mimecast

 

Regex can be used for many policies within Mimecast. This includes Content Examination, Impersonation Protection, and in any from/to scooping of a policy ( most commonly used for blocked senders ).

Regex allows you to block in ways that typical address or domain blocks cannot. For example we wanted to block all gmail addresses which started with “Myoffice” (ex. myofficeonlinemailbox@gmail.com and myofficeonline123@gmail.com. We did not want to just block individual addresses and we did not want to block all email addresses starting with myoffice or all gmail. The solution is regex.

In the past this would require much research on how to create regex and use it in the policy. Now, with tools like chatgpt and copilot you can create regex my asking AI how to do it. And it works fast!

In our example the solution is to use regex:^myoffice.*@gmail\.com$

You can use this only in policies and NOT profile groups where it does not work currently.

You can apply the same logic to content exam policies.

If you would like help with creative ways to block or expand security through content examination just let us know!

Previous
Previous

DKIM 2048 in Mimecast

Next
Next

Mimecast or Proofpoint?