Overview

Content Filtering engines enable administrators to control the content of emails. These engines scan the content of emails as well as attachments and block emails containing content matching the specified content filtering rules.

Introduction

Content Filtering is another crucial feature of any anti-spam/malware solution. Content Filtering engines allow MailEssentials to scan the content of emails and attachments, and block emails containing content matching any configured content filtering rules.

MailEssentials provided 4 independent Content filtering engines which are:

Keyword Filtering blocks emails based on keywords in the body, subject and/or attachments;
Attachment Filtering blocks emails based on the type or size of its attachment(s);
Decompression Engine blocks emails with specific types of compressed files within the email, such
as password-protected archives, recursive archives, and so on;
Advanced Content Filtering blocks emails based on text in the header, subject, or body of the email, using text search or regular expressions. This allows administrators to, for example, prevent users from sending outbound emails with credit card numbers.

This article delves into more details on how the Keyword Filtering engine works as well as how to configure it to effectively identify and block emails using unwanted keywords.

Description

The Keyword Filtering module works by blocking emails based on keywords in the email body or subject as well as any attachments that are in the email. The module enables an administrator to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email.

A rule is composed of:

Keywords to block in the email body, subject or attachment
Actions to take when a keyword is found
The users to which a rule applies.

To configure content rules, navigate to Content Filtering > Keyword Filtering. This page allows you to view, create, enable, disable, or delete rules. All the conditions (keywords) entered are validated as a single condition using the OR logical operator for each entry. This means the rule will be triggered if any of the words in an email are contained in the keywords list.

The default installation includes some basic Keyword filtering policies which can be used as the starting point to create additional rules or amend the existing rules to add or remove keywords as desired. The following three Keyword Filtering rules included in MailEssentials can be enabled and customized if the particular type of spam is a problem in the organization:

CONTENT POLICY: Block Racial Content
CONTENT POLICY: Block Sexual Content
CONTENT POLICY: Block Profanities

The above rules include the most common words used by spammers sending out racial, sexual or obscene emails. Administrators can inspect the keyword list and amend it as required. Additionally, it is also possible to import an external keyword list which should be formatted as an XML document.

It is important to Make sure “Match Whole Word Only” is enabled in order to prevent unintended filtering where emails are blocked because disallowed keywords were found in a substring of an otherwise legitimate word.

The Keyword Filtering module will check the Plain Text and HTML message bodies for specific words or phrases. The functionality of this module is quite basic since the list of words and phrases that can be matched is static.

Filtering may also be performed on keywords in Attachments. However, this can be a resource-intensive process especially when the scanning of large files is required. It is important to note that this feature does not interpret the specific files. It will just try to find the keywords in the binary of the file itself. Although this works well for most files that contain text, there are some exceptions – PDF files and Crystal reports are two exceptions, since the text contained in these documents is normally encoded in a way that makes the text not visible when the document is viewed as binary.

How to Configure Keyword Filtering

The Keyword Filtering rules are applied in the same order, from top to bottom, as they are listed in the Keyword Filtering page (that is, rule with priority value 1 is checked first). The default sequence/priority can be changed by using the (up) or (down) arrows to respectively increase or decrease the priority of the selected rule.