A while ago we began getting an unusual amount of phishing emails that have made it through our spam filters. Rather than try to block the spam/phish emails, I’ve decided to try and stop our users from sending sensitive information through email. 🙂</p>

Exchange 2007 supports server side transport rules which are great for a lot of things. The best part though is that the recognize regular expressions. Using the example of social security numbers we can setup a transport rule to look for numbers with the pattern of: ###-##-####

To setup a rule open the Exchange Management Console and click on the Hub Transport role and then on the Transport Rules tab. Click on New Transport Rule and that will open up the rule wizard.

</span>

    </p>
  1. Give the rule a name.
  2. On the conditions page of the wizard select “when the subject field or the body of the message contains text patters”.
  3. click on the words “text patters” and use the string: \d\d\d-\d\d-\d\d\d\d
  4. click ok and click next to move on to the next page of the wizard.
  5. on the actions page select the check box next to “send bounce message to sender with enhanced status code
  6. </span>

      </p>
    1. You can modify the bounce message to display anything you need it to.
    2. </span></ol>

      </p>

    3. On the next screen you can add exceptions if you want, but in the case of social security numbers it would probably be best not to.
    4. </span></ol>

      Thats pretty much it. Send a test message to an outside address with a fake SSN in it like 123-45-6789 and you should see a bounce message almost right away.</p>

      If you would like to test your regular expressions there is a good tester here.
      There is also some good information about putting together regular expressions for transport rules in exchange 2007 over at Exchange Ninjas.</span>

      UPDATE:
      One note about this regex is that it won’t block SSN’s that are just the 9 digits, for example: 123456789. If anyone knows of a good way to block those or a better way to block SSNs in general please let me know.