Hi @Jay Carper,
Great to know that you've already got a solution, and I really appreciate you sharing it!
By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.", and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:
[Mail flow rule matches Return-Path address, not just From]
Issue Symptom:
I am trying to configure a mail flow rule to look for text patterns in a sender address. Unfortunately, it appears to be checking the Return-Path address and not just the From or ReplyTo addresses. Is there any way to force Exchange to ignore the return-path address in this rule and only check the From address?
The solution:
Exchange's mail flow rules don't follow all of the standard Regex conventions. Here's how I got it to work...
I set up a rule with these parameters:
1. Includes these patterns in the From address: 'blah.com@' or 'blah.com.+@' and Is received from 'Outside the organization'. (Don't append any flags, like '/gi'.)
2. Redirect the message to ******@blah.com. (Some legitimate organizations incorporate the recipient's email address into the From address, but use their own domain name. I want to catch these and add them to the exceptions in the next parameter.)
3. Except if it includes these patterns in the From address: '@domain1.com' or '@domain2.com'.
4. Match sender address in message: Header. (In the rule Settings instead of Conditions.)
You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community members to see the useful information when reading this thread. Thanks for your understanding!
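The following is an added example, not part of the original post and not Exchange's own code: a simplified Python model of why the "Match sender address in message" setting in step 4 matters for the patterns in steps 1 and 3. It assumes case-insensitive matching, treats the `Return-Path` header as the envelope sender, and uses constructed sample messages with placeholder domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns taken from steps 1 and 3 of the rule in the post.
MATCH = [r"blah.com@", r"blah.com.+@"]
EXCEPT = [r"@domain1.com", r"@domain2.com"]

def sender_addresses(raw, location):
    """Addresses inspected for a 'Match sender address in message' setting."""
    msg = message_from_string(raw)
    header = parseaddr(msg.get("From", ""))[1]           # visible From address
    envelope = parseaddr(msg.get("Return-Path", ""))[1]  # stand-in for MAIL FROM
    return {"Header": [header],
            "Envelope": [envelope],
            "HeaderOrEnvelope": [header, envelope]}[location]

def rule_action(raw, location="Header"):
    """Return 'redirect' if the modelled rule fires, otherwise 'deliver'."""
    addrs = sender_addresses(raw, location)
    def hit(patterns):
        # Assumption: matching is case-insensitive, so no flags are needed.
        return any(re.search(p, a, re.I) for p in patterns for a in addrs)
    return "redirect" if hit(MATCH) and not hit(EXCEPT) else "deliver"

# Constructed samples. The first is a bulk mailer whose bounce address embeds
# the recipient; only its Return-Path contains 'blah.com@'.
NEWSLETTER = ("Return-Path: <bounce+jay=blah.com@mailer.example>\n"
              "From: News <news@mailer.example>\n"
              "Subject: Weekly digest\n\nbody\n")
# The recipient's domain appears in the local part of the From address.
LOOKALIKE = ("Return-Path: <bounce@sender.example>\n"
             "From: Jay <jay.blah.com@sender.example>\n"
             "Subject: Action required\n\nbody\n")
# Same From shape, but from a domain listed in the rule's exceptions.
EXCEPTED = ("Return-Path: <bounce@domain1.com>\n"
            "From: Jay <jay.blah.com@domain1.com>\n"
            "Subject: Invoice\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("newsletter", NEWSLETTER), ("lookalike", LOOKALIKE),
                      ("excepted", EXCEPTED)]:
        for loc in ("Header", "Envelope", "HeaderOrEnvelope"):
            print(f"{name:10} {loc:17} -> {rule_action(raw, loc)}")
```

With the setting on Header, the newsletter is delivered and only the lookalike From address is redirected, which is the behaviour the question was after.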