Can I allowlist or blocklist individual users via email addresses in the HAT?

Available Languages

Download Options

PDF (4.4 KB)
View with Adobe Reader on a variety of devices
ePub (83.1 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (68.7 KB)
View on Kindle device or Kindle app on multiple devices

Updated:November 18, 2020

Document ID:118204

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Question

Answer

Related Information

Question

Can I allowlist or blocklist individual users via email addresses in the Host Access Table (HAT)?

Answer

No, you cannot allowlist or blocklist individual users via email addresses in the HAT. Actions determined at the HAT level occur before the SMTP conversation is engaged. The remote host is not allowed to proceed to the point where they can issue 'mail from' or 'rcpt to' commands.

The HAT is driven by Sender Groups. Sender Groups allow the following formats for adding 'senders':

IPv6 addresses such as 2001:420:80:1::5
IPv6 subnets such as 2001:db8::/32
IPv4 addresses such as 10.1.1.0
IPv4 subnets such as 10.1.1.0/24 or 10.2.3.1
IPv4 and IPv6 address ranges such as 10.1.1.10-20, 10.1.1-5 or 2001::2-2001::10.
Hostnames such as example.com.
Partial hostnames such as .example.com.

To apply policies to individual users, you can create a unique User-Based Policy or create a message/content filter.