We have seen products like Proofpoint & Ironport use pattern blocks quite effectively. Today we will test the same functionality in Office 365.
The rule below is shown as an example; other regex expressions can be used as well.
Scenario: A lot of spam was being received from an envelope sender whose numbers keep changing; only the name is unique.
We can't block googlegroups, so we arrived at a conclusion to use a regex pattern:
You can test this pattern before implementation at https://regex101.com/
Now let's create a pattern block in Office 365
Launch O365 admin console --> Admin --> Exchange --> Mail flow
Click on Plus to create a New Rule
Click on More Options, Provide Name to the rule
Apply this rule if Sender --> Sender Address Matches any of the Text Pattern
Do the following --> Deliver the message to the Hosted Quarantine
Scroll down & Match Sender address in Message --> Select Envelope --> Save
Also, please check Stop processing more rules.
Note: If you use grouping, which is allowed in Cisco Ironport but not in O365, you will receive an error as shown below, so you have to avoid it.
Now let's test by sending a message based on the pattern. I had created one test pattern which matches my personal ID so that I can test the above approach.
Message was successfully quarantined :)
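The same rule can be created from Exchange Online PowerShell instead of the console. The script below is an added example, not part of the original post: it checks a pattern against sample envelope senders locally and then creates the rule with the settings from the steps above. The pattern, the sample addresses and the rule name are constructed placeholders, and the local check uses .NET regex matching as an approximation of what the mail flow rule does.

```powershell
# Added example. Pattern, addresses and rule name are constructed placeholders.
$RuleName = 'Quarantine - envelope sender pattern'
$Pattern  = '^spamlist\S*@googlegroups\.com$'   # written without ( ) grouping

# Constructed envelope senders: the numeric part changes, the name does not.
$ShouldMatch = @(
    'spamlist+bnc1111111111@googlegroups.com',
    'spamlist+bnc2222222222@googlegroups.com'
)
# Constructed senders that must keep flowing.
$ShouldPass = @(
    'projectlist+bnc3333333333@googlegroups.com',   # a different Google Groups list
    'spamlist@googlegroups.com.example.net'         # only passes because of the $ anchor
)

# Local dry run (-match / -notmatch are case-insensitive in PowerShell).
$missed = @($ShouldMatch | Where-Object { $_ -notmatch $Pattern })
$caught = @($ShouldPass  | Where-Object { $_ -match $Pattern })

# Refuse to create the rule if the pattern uses grouping or behaves unexpectedly.
if ($Pattern -match '[()]') { throw 'Pattern uses grouping; rewrite it without ( ).' }
if ($missed.Count -gt 0)    { throw "Pattern misses: $($missed -join ', ')" }
if ($caught.Count -gt 0)    { throw "Pattern would quarantine: $($caught -join ', ')" }

# Requires the ExchangeOnlineManagement module and an admin sign-in.
Connect-ExchangeOnline

# Same settings as the console steps: match on the envelope sender,
# deliver to hosted quarantine, stop processing more rules.
New-TransportRule -Name $RuleName `
    -FromAddressMatchesPatterns $Pattern `
    -SenderAddressLocation Envelope `
    -Quarantine $true `
    -StopRuleProcessing $true `
    -Comments 'Pattern block on envelope sender; pattern checked locally first.'

# Read the rule back to confirm what was actually stored.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, FromAddressMatchesPatterns,
                SenderAddressLocation, Quarantine, StopRuleProcessing
```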