How to create custom email security rules in Emailguard for B2B workflows

If you’re responsible for keeping your company’s email safe, you know the default settings only go so far—especially for B2B workflows where one weird attachment or a spoofed vendor email can bring everything to a screeching halt. The good news: with Emailguard, you can create custom security rules tailored to your actual business needs. The bad news: it’s easy to overcomplicate things or chase “best practices” that don’t actually help.

This article is for admins, IT leads, and anyone sick of playing whack-a-mole with generic email filters. We’ll break down how to create rules that work, what to skip, and how to avoid making your life harder than it needs to be.


Why B2B Workflows Need Custom Email Rules

Let’s be blunt: most “out-of-the-box” email security is too generic for B2B. Real companies have:

  • Vendors who send invoices as weirdly named PDFs.
  • Partners who CC 15 people and forward sensitive stuff.
  • One-off workflows that break if a legit email gets flagged as spam.

You want to block the bad stuff—phishing, malware, those “urgent wire transfer” scams—without nuking your daily business. Default rules rarely get this balance right.

Custom rules let you:

  • Allow legit workflow emails that look suspicious to generic filters.
  • Block high-risk attachments or senders specific to your business.
  • Get visibility into what’s slipping through and tweak as needed.

But don’t get seduced by the idea of “perfect” security. Every rule you add is another thing you’ll need to test, troubleshoot, and explain to colleagues.


Step 1: Map Out Your Real-World Email Workflows

Before you click anything in Emailguard, map out what “normal” looks like for your B2B email flows. Skip this, and you’ll either over-block or miss obvious threats.

Ask yourself:

  • Who are your key senders and recipients? (Vendors, partners, departments)
  • What types of files or links do you regularly exchange?
  • Are there automated systems or apps sending/receiving emails?
  • Which emails always cause problems or false positives?

Pro tip: Talk to your finance, HR, and sales teams. They know which emails matter—and which ones always get stuck in spam.

What to ignore: Don’t waste time mapping every edge case. Focus on the 80% of traffic that matters most to your business.


Step 2: Get Comfortable in Emailguard’s Rule Builder

Log into Emailguard and head to the “Custom Rules” or “Policy Engine” section (names can vary by version, but it’s the same idea). You’ll see a list of existing rules and an option to add new ones.

Key things to know:

  • Rules run in order. Top rules are checked first—so prioritize the most important.
  • Conditions are flexible. You can filter by sender, recipient, subject, attachment type, header content, and more.
  • Actions decide what happens. Block, quarantine, tag, alert, or allow—the usual suspects.

Don’t get distracted by:

  • Fancy “AI” options that promise to do everything. In practice, they’re hit-or-miss and often lack transparency.
  • Dozens of rarely-used conditions. Stick to what actually fits your workflow.

Step 3: Build Your First Custom Rule (And Keep It Simple)

Let’s walk through a basic example: block executable attachments from external senders, but allow invoices from your trusted vendors.

1. Block Risky Attachments From Unknown Senders

  • Condition: If sender is outside your company domain
    AND
    attachment file type is .exe, .js, .scr, or .bat
  • Action: Quarantine or block the email.

Why it works: Most legitimate B2B emails shouldn’t contain these file types. If you have a legit use case, whitelist that sender explicitly.

2. Allow Vendor Invoices That Look Suspicious

  • Condition: If sender is in your approved vendor list
    AND
    subject contains “invoice” or “bill”
    AND
    attachment is .pdf or .docx
  • Action: Allow and tag as “Vendor Invoice” for easier searching.

Why it works: Prevents a legit invoice from getting stuck just because it “looks suspicious” to a generic filter.

3. Flag Suspicious Replies to Wire Transfer Requests

  • Condition: If subject contains “wire transfer” or “payment”
    AND
    reply-to address doesn’t match sender domain
  • Action: Quarantine and alert IT.

Why it works: Most B2B wire scams rely on fake reply-to addresses.

Pro tip: Always test new rules with a dry run or “log only” mode if available. See what would be caught before you start blocking real traffic.
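The three rules above, sketched as an offline dry run in Python. This is an added example, not Emailguard's rule syntax or code from the product. The domain, vendor list, rule names, sample messages and the first-match-wins evaluation are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumption: your own mail domain
APPROVED_VENDORS = {"billing@vendor.example"}  # assumption: approved vendor list
RISKY_EXT = (".exe", ".js", ".scr", ".bat")
INVOICE_EXT = (".pdf", ".docx")

def addr(value):    # bare lower-cased address from a header value
    return parseaddr(value or "")[1].lower()
def domain(value):  # domain part of that address
    return addr(value).rpartition("@")[2]
def files(msg):     # lower-cased attachment file names
    return [p.get_filename().lower() for p in msg.walk() if p.get_filename()]

def sample(sender, subject, names=(), reply_to=None):  # constructed test message
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("constructed sample body")
    for n in names:
        m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=n)
    return m

def block_risky(m):    # rule 1: external sender AND risky attachment type
    return domain(m["From"]) != COMPANY_DOMAIN and any(f.endswith(RISKY_EXT) for f in files(m))

def allow_invoice(m):  # rule 2: approved vendor AND invoice/bill subject AND pdf/docx
    s = (m["Subject"] or "").lower()
    return (addr(m["From"]) in APPROVED_VENDORS and ("invoice" in s or "bill" in s)
            and any(f.endswith(INVOICE_EXT) for f in files(m)))

def wire_mismatch(m):  # rule 3: payment subject AND Reply-To domain != sender domain
    s = (m["Subject"] or "").lower()
    return (("wire transfer" in s or "payment" in s)
            and m["Reply-To"] is not None and domain(m["Reply-To"]) != domain(m["From"]))

RULES = [("block-risky-attachment", block_risky, "quarantine"),
         ("allow-vendor-invoice", allow_invoice, "allow+tag"),
         ("wire-reply-to-mismatch", wire_mismatch, "quarantine+alert")]

def dry_run(msg, rules=RULES):  # log only: report the first matching rule, block nothing
    for name, predicate, action in rules:
        if predicate(msg):
            return name, action
    return "no-match", "default-filtering"

if __name__ == "__main__":
    print(dry_run(sample("billing@vendor.example", "Invoice 1043", ["inv.pdf", "viewer.js"])))
```

The last sample shows why rule order matters: a vendor message carrying both a PDF and a .js file is quarantined only because the block rule sits above the allow rule. In this sketch the vendor match is on the From header alone, so it is only as strong as whatever sender authentication (SPF, DKIM, DMARC) runs ahead of it.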


Step 4: Test Your Rules With Real Data

Don’t trust a rule just because it sounds good. Test it.

  1. Use real (non-sensitive) emails: Forward samples to a test inbox or staging environment.
  2. Check false positives and negatives: Did legit emails get flagged? Did something dangerous sneak through?
  3. Review logs: Emailguard logs every rule hit. Look for unexpected patterns.

If you see a lot of false positives:

  • Loosen your conditions (e.g., add more trusted senders).
  • Make the action less harsh (tag instead of block).
  • Communicate with users so they know why emails look different.

If you’re not catching enough:

  • Tighten up sender lists.
  • Add more keywords or attachment types.
  • Consider combining conditions (e.g., suspicious subject and attachment).

What doesn’t work: Relying solely on vendor-provided “test” emails. They’re usually too clean. Real-world junk is messier.


Step 5: Roll Out Gradually (And Don’t Set It and Forget It)

It’s tempting to build a bunch of rules, turn them all on, and walk away. Don’t. Start small, monitor, and adjust.

  • Apply rules to a pilot group first. Pick a department that won’t mind being guinea pigs.
  • Communicate clearly. Let people know what’s changing and why. Invite feedback.
  • Monitor daily for the first week. Look for spikes in quarantined or missed emails.
  • Iterate. Remove, tweak, or add rules based on what you see.

What to ignore: The urge to “secure everything now.” Overly aggressive rules break business processes and annoy everyone. Security is a process, not a box to tick.


Step 6: Review and Maintain Your Rules Regularly

Custom email security isn’t a one-and-done job. Your business changes. Vendors change. Attackers get smarter.

  • Set a calendar reminder to review rules quarterly.
  • Archive rules you don’t need anymore.
  • Ask end users if anything’s getting blocked or let through by mistake.
  • Stay skeptical of automatic rule suggestions. Only deploy what you understand and can justify.

Bonus: Common Mistakes (And How to Avoid Them)

  • Too many rules: Every new rule is a maintenance headache. Only add what you’ll actually use.
  • Ignoring edge cases: If a rule breaks payroll or vendor payments, it’s not worth it.
  • Relying on “magic” features: Machine learning is nice, but it’s not a substitute for knowing your own email flows.
  • Not testing enough: Never trust a rule until you’ve seen it work with your real email.

Keep It Tight, Review Often

Custom rules in Emailguard can make your B2B email way safer—if you don’t get carried away. Start simple, focus on your actual workflows, and check in regularly. No security tool is “set and forget,” but with a little attention, you can stop most threats without stopping your business.

When in doubt, err on the side of less complexity. You can always add more rules later—but it’s a pain to untangle a mess. Good luck, and don’t let email security become another overengineered project you dread maintaining.