Is there a way for us to define a rule to catch spam using foreign characters?
Oracle Service Cloud
To block emails that do not contain characters from a supported Latin-based language, you can create an incident rule that has a condition to evaluate the email header. If the email header matches certain criteria, then you can configure the rule to either not create the incident or to route the incident to a different queue for review.
The email header includes the character set used for the email content and you can include the foreign character set in the IF condition of the rule. As a result, when the email header includes the specific character set, it will match the rule and trigger the action you indicate.
In order to determine the foreign character set used in the incoming email, the EGW_SAVE_EMAIL_HEADERS configuration setting must be enabled. This setting can be enabled using the path: Configuration Editor > RNT Common > Heading: Modules > Sub-heading: RightNow Email.
To set up the rule, you must first determine the character set used in the emails that you want to block.
- Within your site, find an incident that you want to block based on the characters.
- Open the incident and click the envelope icon to view the email header.
- Within the header, find the line that includes: charset=[character set name]. This tells you the character set to include in your rule. For example, most emails sent from Japan use iso-2022-jp.
- Repeat these steps for emails created from other character sets as well.
With the names of character sets for the emails that you would like to block, you can create a rule similar to the following. Be sure to list the specific character sets in the IF condition:
IF Incident.E-Mail Header matches regular expression character set 1|character set 2|character set 3
THEN assign incident to certain queue or do not create incident
When you first create this rule, it is best to allow the incident to be created and route them to a specific queue or staff member for review. This ensures that the rule is not acting on emails that you want to allow in to your site. Then, after a time, you can determine if the rule is adequately catching the emails of interest and then you can modify the rule to not create the incident.