Looks like the folks in my org get lots of "probe" e-mails.  Essentially where an e-mail comes in with nothing more then a subject line and one or two words in the body.  I assume the point of this message is to determine which e-mail addresses in their list is alive so that they can begin more targeted attacks.  (they'll know it's dead if they get an undeliverable).

Is there a way to block these "probe" e-mails?  I know the e-mails look pretty benign to EOP, but our users get quite a few and they're not too happy about it.  The actual targeted attacks that follow tend to be rare.

R6