This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 70%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFL%3C/text%3E%3C/svg%3E)
Hi,
To block malicious mails, our Exchange Online server has a message rule that forwards any mail with a .htm, .html attachment to us (system administrators) for approval. The rule works, we regularly get requests from the mailserver to either approve or deny certain mails that contain these attachments. About 90% of these mails is malicious and should not go through.
We don't want the assholes sending these mails obtaining any information about our company or what was what done with the mails they sent, yet when we deny the mail by clicking the deny button a formal rejection notice is mailed back to the sender. The same goes for when we let it expire and don't take action at all, in that case a formal expiration notice is sent back to the sender. Is there any way to stop Exchange Online from sending these notifications? Like I said, we don't want to provide any info to the phishers/attackers sending these mails.
Thanks in advance
Honestly, if 90% are malicious, I would just change the rule to either send everything to the quarantine and release later if needed or simply delete the message with no NDR with the rule.
Hi Andy, thanks for your reply. Yeah the amount of malicious/phishing .html attachments is actually pretty huge (not talking about regular html mail here although those are pretty common too) and I would recommend anyone to create a similar rule. Unfortunately deleting is not really an option for us.
As for the quarantine, this should work fine because we check this on a daily basis. Would the following rule put these in our quarantine?
Apply this rule if
Any attachment > file extension includes .html, .htm - (this one we already have in place)
Redirect the message to > hosted quarantine - (this one would be new)
Correct, that would move all those messages to the quarantine and you can review later, If released, the sender would not be notified.
Ok thanks!