The following article uses examples to show how to block users from sending attachments containing sensitive information (e.g. financial information) to the outside world. The script blocks attachments with certain names by flagging particular words.

Scenario:
– Your domain is widget.com
– The administrator wants to block attachments with the word customer in the filename only if it is outbound (not to the local widget.com domain)
– The administrator also wants to block attachments with the word legal

Sieve Script:
Blocking ‘customer’ in attached filename:
if not envelope :contains "to" "widget.com" {
if attachment :matches "*customer*" { discard; stop; }
}

Blocking ‘customer’ and ‘legal’ in attached filename:
if not envelope :contains "to" "widget.com" {
if attachment :matches ["*customer*","*legal*"] { discard; stop; }
}