Who rated this post

Who rated this post

SteveCantwell
Cyber Elite

You may be able to try and create a FQDN object for the domain, and allow traffic into the FW, but create a security profile for file blocking and just do not any attachments.

 

Using wireshark you can try and create a custom application that is looking for the domain name in the smtp or imap response headers, and create a policy to deny.

 

Just some ideas.

Help the community: Like helpful comments and mark solutions
Who rated this post