Prepending a warning message to Externally Originating Email in Exchange 2016

Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Jack of All Trades with an interest in facilitating networking through social interaction of IT Professionals
Published:
Spam and phishing are threats to every network with email. Combat these attacks with a prepended warning to your users!
In recent years, I've noticed some replies to my emails have included a warning message like:

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. 

This is one of the many layers of security you can implement to protect your company from malicious software and social engineering scams. By reminding your employees and highlighting when a message is actually from outside the company, it can prevent scammers from tricking staff into sending money or corporate secrets outside the company or opening an unexpected document that looks like it's from your boss but is actually from someone who simply used his name in their email.

So how does one prepend such a warning in Exchange? Good question! I thought it would be easy and even easily found. It's not. So follow these steps and setup your warning!

  1. Log in to the Exchange Admin Center and click on Mail Flow.  
  2. Click on Rules at the top (it's probably already there) and click on the large + sign to create a new rule, selecting Apply disclaimers...
     
     
  3. Skip the name (for now) and click in the box for selecting *Apply this rule if... and click on The sender is located...
  4. A new box should pop up titled Select Sender Location. Click in the drop down and select Outside the organization. Then click OK. You may notice the rule Name is now filled in. You can keep it, or enter your own name for the rule.
     
  5. If you click the *Do the following... drop down, you'll notice there is no option to prepend anything.  Thanks for making this easy Microsoft! Click on More options... towards the bottom of the new rule window.
  6. Once More options... is clicked, you'll notice three new buttons appear, add conditionadd action, and add exception. And if you click the drop down now for *Do the following..., you'll also notice new options. If Apply a disclaimer to the message... is selected, you get a sub selection menu for choosing append a disclaimer or prepend a disclaimer


  7. Now enter your text and the fall back action.  I recommend using HTML text that will create a colored box around the warning to draw more attention to it.  Here's a sample:
    <div style="border:solid #9C6600 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt"> <p class="MsoNormal" style="line-height:12.0pt;background:#FFEE99"><b><span style="font-size:10.0pt;color:#9C6500">CAUTION:</span></b><span style="font-size:10.0pt;color:black"> This email originated from outside of the organization. Do not click links or open unexpected attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p> </div> <p>&nbsp;</p>
    And the fall back action I use is Wrap (see Final notes below for details on the fall back action).
  8. Save the rule and test.

Final notes:
Fall back action options are as follows (as documented at https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/actions?view=exchserver-2019)

Wrap: The original message is wrapped in a new message envelope, and the disclaimer text is inserted into the new message. This is the default value.
 • Subsequent mail flow rules are applied to the new message envelope, not to the original message. Therefore, configure these rules with a lower priority than other rules.
 • If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The message is returned to the sender in an NDR.

 Ignore: The rule is ignored and the message is delivered without the disclaimer

 Reject: The message is returned to the sender in an NDR.

While I have not tested this in Exchange 2019, I would expect the procedure to be substantially the same.
1
52 Views
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Jack of All Trades with an interest in facilitating networking through social interaction of IT Professionals

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community