1 Reply Latest reply on Sep 1, 2015 5:17 PM by kwidhalm

    Invalid blocking based on cardnumber rule

    stephans

      Recently we've been having troubles with customers emailing us and having their email blocked unexpectedly.  The messages get quarantined "Quarantined by Content policy (filter 'Credit Card Number')" even though the messages themselves very clearly do not actually contain card numbers.  After careful examination we're finding that links in the email seem to trigger the filter, and the main culprit seems to be email tracking links inserted by SideKick by Hubspot.

       

      Example link:

       

      <http://t.sidekickopen17.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs2zW-gY W5vwsYl8q5T4zW1p1hXH56dNzwf7drMq-02?t=http%3a%2f%2fcp.mcafee.com%2fd%2f2DRPoQ76Q m6nzhOeoKUCrKrjhpd7byrPBT3qqb9EVsjusod79Jd5AQsK9Len76QrIIzzhOY_tUS8EhQHUaJih4-F3 jPdJyxOVKR94jWAdfcSSa7bCQ7bTvI-_R-ovvopp7tuVtddVDzhOMyqem4TKmKzp55mXbfaxVZicHs3j qpJYTvAS4kPhPtBddMTsS03DR98ulBoHlrU8zKnPQpVr7Ythug0sCgKc3zN9V0e6MIg0le5MZMZcpd7c 1I2057jv0o2q9yw2BO870lYOoE1PTxpY4I2w2EH8AM62XXy0c533EV28Sb5XFAFD4VPmEfpQuCWfjtCo BevNVsuCWgAuvebt9J104kAs-CU-qejhOCeKeo7cInuq208mAttTkSvogbE8uebI9L8BO3y7BTDrE3y2 r2abEUSwjGveI0kgAuvebt9YKrh7np76NChVYUJQCq82VEw48kcv4SyYr9eosDE4R&si=5265992707473408&pi=b263ed1a-d2b5-4947-a900-77f07125985d>

       

      It's pretty exasperating having to manually release these (or worse, email our customers and tell them to uninstall software and remove footers from their email to prevent these false positives).

       

      Any suggestions on how to better train the card number filter?

       

      Thanks!

        • 1. Re: Invalid blocking based on cardnumber rule
          kwidhalm

          Hello stephans,

           

          The credit card content filter runs a registered expression that looks for specific patterns that are common to valid credit card numbers.  In some cases, these filters will trigger off of content with in URLs, headers or even source code of a message.  You can change the action we take on an item and have the subject tagged rather than quarantine otherwise, the only option to avoid this is to disable the content filter.

           

          Karen Widhalm

          Product Specialist

          SaaS Email and Web Security

          Intel Security