|Situation||A User wants to use a list of key words to filter unwanted email and/or language. This KB entry will give a brief summation specifically for Key Word Filtering.|
|Solution||See examples and explanation of why some of the word filters will be caught as false positives.|
Proofpoint Essentials Filters - Word Matching
Proofpoint Essentials Filters will allow you to search for word(s) within parts of the message, including:
- Email Subject
- Email Headers
- Email Message Contents
- The entire Raw Email (up to 10,000 lines.) The Raw Email option will be reviewing all text within the message, including headers, body, and any MIME64 attachments in their encoded state.
To begin, create a new filter by navigating to:
Security Settings > Email > Filter Policies > New Filter
The most common way to match these would be a Filter that contains an If statement similar to:
If – Email Message Contents – CONTAIN(S) ANY OF – list, of, words, to, stop
When using a Filter such as this, you need to make sure the list of words to stop are as verbose as possible. Short words, such as the example above... “list, of, words, to, stop” can cause false positives as word boundaries are not used when the message is searched for matches.
An example of a false positive is the example Filter would match the following words, with the match highlighted:
LISTing, kickOFf, WORDSmith, auTOs, nonSTOP (Also triggers nonsTOp)
- Using full words instead of partial words, along with longer words, will help to prevent false positives.
- Searches are also not case sensitive, and will match lower, upper, and mixed case words.
For more information regarding filters and constructing filters for your organization, check out our article About Filters.