Prepending a warning message to Externally Originating Email in Exchange 2016
Jack of All Trades with an interest in facilitating networking through social interaction of IT Professionals
Published:
Browse All Articles > Prepending a warning message to Externally Originating Email in Exchange 2016
Spam and phishing are threats to every network with email. Combat these attacks with a prepended warning to your users!
In recent years, I've noticed some replies to my emails have included a warning message like:
This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
This is one of the many layers of security you can implement to protect your company from malicious software and social engineering scams. By reminding your employees and highlighting when a message is actually from outside the company, it can prevent scammers from tricking staff into sending money or corporate secrets outside the company or opening an unexpected document that looks like it's from your boss but is actually from someone who simply used his name in their email.
So how does one prepend such a warning in Exchange? Good question! I thought it would be easy and even easily found. It's not. So follow these steps and setup your warning!
Final notes:
Fall back action options are as follows (as documented at https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/actions?view=exchserver-2019)
Wrap: The original message is wrapped in a new message envelope, and the disclaimer text is inserted into the new message. This is the default value.
• Subsequent mail flow rules are applied to the new message envelope, not to the original message. Therefore, configure these rules with a lower priority than other rules.
• If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The message is returned to the sender in an NDR.
Ignore: The rule is ignored and the message is delivered without the disclaimer
Reject: The message is returned to the sender in an NDR.
While I have not tested this in Exchange 2019, I would expect the procedure to be substantially the same.
This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
This is one of the many layers of security you can implement to protect your company from malicious software and social engineering scams. By reminding your employees and highlighting when a message is actually from outside the company, it can prevent scammers from tricking staff into sending money or corporate secrets outside the company or opening an unexpected document that looks like it's from your boss but is actually from someone who simply used his name in their email.
So how does one prepend such a warning in Exchange? Good question! I thought it would be easy and even easily found. It's not. So follow these steps and setup your warning!
- Log in to the Exchange Admin Center and click on Mail Flow.
- Click on Rules at the top (it's probably already there) and click on the large + sign to create a new rule, selecting Apply disclaimers...
- Skip the name (for now) and click in the box for selecting *Apply this rule if... and click on The sender is located...
- A new box should pop up titled Select Sender Location. Click in the drop down and select Outside the organization. Then click OK. You may notice the rule Name is now filled in. You can keep it, or enter your own name for the rule.
- If you click the *Do the following... drop down, you'll notice there is no option to prepend anything. Thanks for making this easy Microsoft! Click on More options... towards the bottom of the new rule window.
- Once More options... is clicked, you'll notice three new buttons appear, add condition, add action, and add exception. And if you click the drop down now for *Do the following..., you'll also notice new options. If Apply a disclaimer to the message... is selected, you get a sub selection menu for choosing append a disclaimer or prepend a disclaimer
- Now enter your text and the fall back action. I recommend using HTML text that will create a colored box around the warning to draw more attention to it. Here's a sample:
And the fall back action I use is Wrap (see Final notes below for details on the fall back action).<div style="border:solid #9C6600 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt"> <p class="MsoNormal" style="line-height:12.0pt;background:#FFEE99"><b><span style="font-size:10.0pt;color:#9C6500">CAUTION:</span></b><span style="font-size:10.0pt;color:black"> This email originated from outside of the organization. Do not click links or open unexpected attachments unless you recognize the sender and know the content is safe.<o:p></o:p></span></p> </div> <p> </p> - Save the rule and test.
Final notes:
Fall back action options are as follows (as documented at https://docs.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/actions?view=exchserver-2019)
Wrap: The original message is wrapped in a new message envelope, and the disclaimer text is inserted into the new message. This is the default value.
• Subsequent mail flow rules are applied to the new message envelope, not to the original message. Therefore, configure these rules with a lower priority than other rules.
• If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The message is returned to the sender in an NDR.
Ignore: The rule is ignored and the message is delivered without the disclaimer
Reject: The message is returned to the sender in an NDR.
While I have not tested this in Exchange 2019, I would expect the procedure to be substantially the same.
Jack of All Trades with an interest in facilitating networking through social interaction of IT Professionals
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)