Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
alya
Staff
Staff

Created on ‎07-17-2023 12:09 AM Edited on ‎08-05-2025 03:59 AM By Moderator

Article Id 264330

Technical Tip: Detect emails with an empty subject

Description This article describes how to use a dictionary profile to detect emails with an empty subject.
Scope All FortiMail versions.
Solution
  1. Go to Profile -> Dictionary.
  2. Create a new dictionary with the following regex expressions:

 

^Subject: $

 

It is necessary to enable:

  • Search header.

 

no subject.png

 

dictionary.png

 

     3. Go to Profile -> Content and edit the Content Policy in use -> Expand Content Monitor and Filtering menu -> New.

 

content profile.png

 

Result:

 

log .png

 

log detail.png

 

Note:

To avoid false positive detections, it is necessary to add the below:

 

[EHeAdEr]

 
67.png

 

When using the Dictionary pattern, from\:.*\@customerdomain\.com.* and 'search header’, this will also check the headers of the original mail and the headers of other attached mails.

 

In a dictionary scan, the headers of each MIME part are also considered as email headers.

It is necessary to include '[EHeAdEr]' in the pattern to search only the original email header (actual mail).

For example, [EHeAdEr] From\:.*\@customerdomain\.com.*.

 

Note: The above RegEx uses a specialized match condition [EHeAdEr] that is unique to FortiMail and should be removed when testing pattern(s) with RegEx testing tools like www.regex101.com. 

 

1014
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.