04-21-2020 08:02 AM
Sometimes I think we try to solve issues with the wrong tool, because we know more about the tool directly under our control. In 99.9% of situations when you're looking to block attachments through email, the correct course of action is blocking them on your mail server or SMTP gateway as suggested by @SutareMayur.
Honestly when you are dealing with email its generally gotten to the point where you'll be unable to create a policy that blocks just this one domain from sending attachments on your firewall, because most people are using a shared service or have granted impersonation rights for marketing purposes or the like. So you would have to account for all addresses listed in the orgs SPF record, which likely would match other email that you wouldn't necessarily want to block attachments for. You'd also have to keep that up-to-date when it could be rotating.
OR, you simply do it on your mail server for the domain and be done with it. You can now ensure that the domain isn't allowed to send attachments into your organization and the only time you have to worry about it not working is if they rename their domain.
