This article will help with creating a set of 3 or more rules, that add an Exclusion Message header to emails that require being bypassed for Linkscan.
This is useful when a customer is trying to exclude by a sending domain, and a URL within an email, and trying to do it in a single rule.
Doing all of this in a single rule does not work, as the Conditions rely on AND logic, and if a single one cannot be matched the rule wont apply.
Be patient setting up this rule, and make sure to back track step by step if there are any issues.
Method:
1. Login to the USS portal
2. Navigate to Email Security -> Custom Rule Data
3. Create an entry called Linkscan Bypass URL if it does not exist. This is a regex of the URL’s that you want to exclude, for example:
For more information on creating the regex entries base on URL see this KB article: https://help.clouduss.com/ems-knowledge-base/link-scan-on-demand-url-protection
4. Save the Entry.
5. Create a new Rule Data of senders and email addresses that need to be excluded, for example:
6. Save the entry
7. Create a “Linkscan to exclude” rule regex with the following entry:
x\-linkscan\-exclude\: True
8. Save the entry.
9. Navigate to the Message rules.
10. Create a new rule “Linkscan bypass sender” to detect sender to exclude with the following entries
NOTE: The add to message header value must be “x-linkscan-exclude: True”. (IT IS ESSENTIAL YOU DO NOT REGEX THE ACTION "Add Message Header". DO NOT add x\-linkscan\-exclude\: True but rather x-linkscan-exclude: True . If you do this, the rule will not apply any of the headers.)
11. Save the rule and navigate back to the message Rules.
12. Create a New rule to detect the URL in any emails called “Linkscan bypass URL” with the following entries
13. Save the rule and navigate back to the message rules.
14. Edit the Linkscan rule which does the write URL, to be the following:
NOTE: Any existing entries should be removed so it matches above.
15. Move the rules so the newly created rules are above the Linkscan rule as seen here:
--------- ---------- --------- --------- --------- --------- --------- --------- --------- --------- --------- --------- --------- ---------
Extra notes (Do NOT copy from this point):
If you send this to a customer, and they say it is still not applying, double check every aspect of the rule being set up, as well as the email they tested with. If you see the following in the actions tab of a test email, like so:
(DO NOT USE THE BELOW SCREENSHOT TO SEND TO CUSTOMERS. IT IS FROM A CUSTOMERS DOMAIN.) 
It shows that the customer regexed the Action for adding the header.
However, if you find that after checking the rule, that the URL or email is still being rewritten, it is best to double check the custom rule data associated to the rules, and use regex101.com to compare entries.
An example of that would be:
If an entry matches, it will highlight in blue. If you ever need a hand with Regex, please contact Tony or Gareth for assistance, or refer to this KB article if you want a challenge: https://help.clouduss.com/ems-knowledge-base/how-to-use-custom-rule-data-formerly-dictionaries