Given the following message Raw source:
X-Threatsim-Header: http://threatsim.com/speartraining?id=5770d1f44a
X-Ms-Exchange-Organization-Avstamp-Mailbox: MSFTFF;1;0;0 0 0
Content-Type: multipart/mixed; boundary="–==_mimepart_589b7f8d1a207_a6b2e456b87846572"; charset=“UTF-8”
X-Mailtags-Version: 4
X-Threatsim-Id: 5770d1f44a
How do I create a blacklist rule to key of of the specific header? If Header exists it is SPAM
For example -> X-Threatsim-Id or X-Threatsim-Header? The blacklist has limited headers to key from - its not “Return Path” or "Received (any)