The regex example I used here should work did you not try this?
Hi Lauren,
Thanks for the reply. I installed the filter shown in the attached picture last night. This morning I received spam from this domain. Here is the spam, with my private information removed:
From john.sartoris-************@improssifish.work Fri Aug 07 08:41:11 2020
Received: from [170.130.213.54] (port=54760 helo=mail.improssifish.work)
by ********** with esmtp (Exim 4.93)
(envelope-from <john.sartoris-*******@improssifish.work>)
id 1k44UZ-009x82-HS
for *******; Fri, 07 Aug 2020 08:41:11 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=improssifish.work;
h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=
[email protected];
bh=TZO+wy759zAJiYaw3e7QXevcY5E=;
b=Z/J2f/nKkelAd+An8wGC07ocvZLRl+ddWfHU3D5+bMwYWBcePYTFFgh3PXxEgp4bMsB7AwF3xHTp
AGRmD3KQOPOv//1z0EeBiyNfgFQ4VI8AK0T3WDGFMeYE+vCfgZqq+1vvDOo8n1PHQD2OwukYFReB
JVBWohuG76nlmnWxuEQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=improssifish.work;
b=KgsiioLjUFdTxwdZh3H3trDojsCGzRrPWrwB55MVJpu4T7AiqELJymmOD5b3AkGt37YOPzWv0hHz
pXb1cOiNDtPddos5TwUG7P00k4481tEUhWG00OqTwz9+7DAPGj41RM4HIz3eeHQ2N7eCZZMjJ/k7
rKTGBvOdHtqo9ej8FH8=;
Received: by mail.improssifish.work id h5m8r00001g0 for <*******>; Fri, 7 Aug 2020 13:35:45 -0400 (envelope-from <john.sartoris-*******@improssifish.work>)
Date: Fri, 7 Aug 2020 13:35:45 -0400
From: "John Sartoris" <
[email protected]>
To: <*******>
Subject: You've Been Nominated for inclusion with Who's Who…
Thanks again for your help!
Regards,
Dave