Compliance Transport Rules

I had a customer recently ask me to help them create Exchange transport rules to block credit card numbers and social security numbers from being sent via email. This lead me to research how credit card numbers are formatted and how Exchange transport rules uses regular expressions. Below are the commands I provided to the customer to create rules to block credit cards and social security numbers as well as notes I took on number formatting.

Blocking without blobs

The rules below will not block 16,15,and 9 digit number blobs – Meaning, someone could send 123234355 as their SOC and it would go through. Additionally they only block the numbers grouped with a space, period, or hyphen/dash between the number groupings (\s|.|-)

Block SSN numbers

New-TransportRule -Name "Social Security Number Block Rule" -SubjectOrBodyMatchesPatterns "\d\d\d(\s|.|-)\d\d(\s|.|-)\d\d\d\d" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

 

Block Credit Card numbers

New-TransportRule -Name "Visa_Mastercard_Discover_Block Rule" -SubjectOrBodyMatchesPatterns

 "\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

 

Block Amex Numbers

New-TransportRule -Name "Amex_Block Rule" -SubjectOrBodyMatchesPatterns"\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

Blocking with blobs

The rules below will  block 16 and 15 digit blobs of numbers that start with 3, 4, 5, and 6011 as is apprriate for card format. The rules will also block 9 digit blobs to block SSN numbers with out number breaks.  Additionally they block the numbers grouped with a space, period, or hyphen/dash between the number groupings (\s|.|-)

Block SSN numbers

New-TransportRule -Name "Social Security Number Block Rule" -SubjectOrBodyMatchesPatterns "\d\d\d(\s|.|-)\d\d(\s|.|-)\d\d\d\d\s","\d\d\d\d\d\d\d\d\d\s" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

 

Block Credit Card numbers

New-TransportRule -Name "Visa_Mastercard_Discover_Block Rule" -SubjectOrBodyMatchesPatterns

 "\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d","4\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s","5\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s","6011\d\d\d\d\d\d\d\d\d\d\d\d(\s" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

 

Block Amex Numbers

New-TransportRule -Name "Amex_Block Rule" -SubjectOrBodyMatchesPatterns"\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d","3\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s" -RejectMessageEnhancedStatusCode "5.7.1" -RejectMessageReasonText "This message has been rejected because of content restrictions"

 

Number formatting notes

Social Security number is a 9 digits long. Examples include:

  • 123-23-7788 " \d\d\d(\s|.|-)\d\d(\s|.|-)\d\d\d\d"
  • 123 23 7788
  • 12323788 "\d\d\d\d\d\d\d\d\d\(\s)"

The Visa card format is 16 digits long and starts with a "4". Examples include:

  •  4xxx-xxxx-xxxx-xxxx  ||  "\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d"
  •  4xxx xxxx xxxx xxxx
  •  4xxxxxxxxxxxxxxx "4\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s"

 The MasterCard format is 16 digits long and starts with a "5". Examples include:

  •  5xxx-xxxx-xxxx-xxxx ||  "\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d"
  •  5xxx xxxx xxxx xxxx
  •  5xxxxxxxxxxxxxxx "5\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s"

 The Discover card format is 16 digits long and starts with "6011". Examples include:

  •  6011-xxxx-xxxx-xxxx ||  "\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d"
  •  6011 xxxx xxxx xxxx
  •  6011xxxxxxxxxxxx "6011\d\d\d\d\d\d\d\d\d\d\d\d(\s"

 The American Express card format is 15 digits long and starts with a "3". Examples include:

  •  3xxx-xxxxxx-xxxxx ||  "\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d"
  •  3xxx xxxxxx xxxxx
  •  3xxxxxxxxxxxxxx "3\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s"

 

See the following link for a transport rule regular expression reference — http://technet.microsoft.com/en-us/library/aa997187.aspx

Related Posts with Thumbnails

About Kevinm