Re: Regex Expression to filter email for Barracuda Email Appliance

higginss20:

They may not support regular expressions simply because there are better ways to handle the problem. I'd suggest contacting Barracuda not with a RegEx question, but a "what's the best way to avoid this situation" question, as they're surely familiar with the problem and have well-tested methods for handling this problem.

If you had to use regular expressions, then noticing his display name and reject all the spammy variations is tougher than it might appear to be, especially if the appliance doesn't use full Perl regular expressions. Not only do you have to deal with minor formatting variations, but there may be difficulties with Unicode look-alike characters that could fool you and other assorted nonsense. I'm nowhere near a regex guru, so perhaps another monk might chime in with some good suggestions--there are several monks here that always impress me with their regex-based solutions to some problems.

If I had to solve the problem, then some things I might try would be (assuming you can do it with the device in question):

Whitelist "John Smith <john.smith@gmail.com>" so you always accept the proper address, then try to recognize a display name of "John Smith" to add a warning to any incoming EMail (as there are certainly other John Smiths in the world that may want to communicate with your company).
Sidestep the problem by simply removing any display name so employees will only see the real EMail address. Maybe also add a warning indicator to your EMails on any non-internal domains (as I'm guessing you used gmail.com just as a stand-in).

...roboticus

When your only tool is a hammer, all problems look like your thumb.

Comment on Re: Regex Expression to filter email for Barracuda Email Appliance

Replies are listed 'Best First'.
Re^2: Regex Expression to filter email for Barracuda Email Appliance by davido (Cardinal) on Feb 12, 2021 at 20:32 UTC
I think this is the right answer. Pay for the service or software that experts in this problem domain provide for solving the problem. The OP's heuristics will eventually fall short of being adequate, or will generate false positives in some esoteric cases that don't matter until something important gets rejected. There are people for whom email safety is a core competency. For the rest of us, there are better problems to spend time solving. On the other hand, if a regex solution really is needed, I'd still break it into two; one that triggers if the person's name is detected, and another that validates there is a proper email address, or that flags if there is not. If it has to be done from a single regex, you could do a negative lookahead, but it just gets more complicated. Here's a working example with a negative lookahead. But I consider it fragile: `#!/usr/bin/env perl use strict; use warnings; use feature qw(say); my @strings = ( 'From: John Doe <peter@piper.com>', 'From: John Doe <john@doe.com>', 'From: John Doe', ); foreach my $string (@strings) { if ($string =~ m/^From:\s+John\s+Doe(?!\s+<john\@doe\.com>)/) { say "BAD: $string" } else { say "GOOD: $string" } }` [download] Dave	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: Regex Expression to filter email for Barracuda Email Appliance
by davido (Cardinal) on Feb 12, 2021 at 20:32 UTC

I think this is the right answer. Pay for the service or software that experts in this problem domain provide for solving the problem. The OP's heuristics will eventually fall short of being adequate, or will generate false positives in some esoteric cases that don't matter until something important gets rejected. There are people for whom email safety is a core competency. For the rest of us, there are better problems to spend time solving.

On the other hand, if a regex solution really is needed, I'd still break it into two; one that triggers if the person's name is detected, and another that validates there is a proper email address, or that flags if there is not.

If it has to be done from a single regex, you could do a negative lookahead, but it just gets more complicated. Here's a working example with a negative lookahead. But I consider it fragile:

#!/usr/bin/env perl

use strict;
use warnings;
use feature qw(say);

my @strings = (
    'From: John Doe <peter@piper.com>',
    'From: John Doe <john@doe.com>',
    'From: John Doe',
);

foreach my $string (@strings) {
    if ($string =~ m/^From:\s+John\s+Doe(?!\s+<john\@doe\.com>)/) {
        say "BAD: $string"
    }
    else {
        say "GOOD: $string"
    }
}
[download]

Dave

[reply]
[d/l]