Configure transport rules

  • 4 minutes

Transport rules are another mechanism that can be used to improve defenses against spam. They can also be used to carry out other functions, such as:

  • Prevent inappropriate content from entering or leaving the organization.
  • Filter confidential organization information.
  • Track or archive copied messages that are sent to or received from specific individuals.
  • Redirect inbound and outbound messages for inspection before delivery.
  • Append disclaimers to messages as they pass through the organization.

Each transport rule consists of:

  • Message characteristics to which you can apply a transport rule action.
  • Further conditions that can exclude messages from the transport rule action.
  • Actions that apply to messages that match the conditions and exceptions.

This unit focuses on two applications of transport rules: Bypass spam filtering and Add disclaimers.

Bypass spam filtering

Bypass spam filtering enables you to allow single senders or whole sender domains and ensure that messages from those senders are always accepted without any spam filtering. However, SMTP address spoofing can lead to messages being accepted that don't originate from the specified domain.

Caution

Before bypassing spam filtering in productive systems, you should evaluate the reasons for bypassing a security system. Sometimes the business requirements force you to apply a configuration like this. However, you should always try to avoid bypassing a security system if possible.

To bypass spam filtering and the allowlist for a specific domain, you should complete the following steps:

  1. In the Microsoft 365 admin center, select Show all in the left-hand navigation pane, and then under the list of Admin centers, select Exchange. A new tab will open that displays the Exchange admin center for Exchange Online.
  2. In the Exchange admin center, in the left-hand navigation pane, select Mail flow, and then select Rules.
  3. In the Rules window, select the Add a rule on the menu bar. In the drop-down menu that appears, select Bypass spam filtering.
  4. In the New transport rule window that appears, enter a descriptive name such as Allowed list of partner domains in the Name field.
  5. Under Apply this rule if, select the drop-down arrow in the field, select The sender and then select domain is.
  6. In the specify domain window, enter the domains that you want to add to the allowlist and select Add.
  7. Select Save when you have finished adding domains.
  8. Under Do the following, the action should already be set to Modify the message properties and set the spam confidence level (SCL) with a value of -1.
  9. Under Except if, select the drop-down menu and include any of the options for excluding people within those domains.

All the domains that you specified are now allow listed and messages sent from those domains will go directly to the recipients without having spam filtering applied.

Add disclaimers

Disclaimers provide a mechanism for organizations to attach standard text to the bottom of an email, such as explaining what to do if the recipient is sent the message in error or disclaiming responsibility for any actions the recipient may carry out because of the contents of the email. Typically, legal disclaimers try to address five main areas:

  • Breach of confidentiality, whether accidental or deliberate. For example: Don't forward this message to people outside the company.
  • Transmission of viruses. For example: We can't guarantee this message is virus-free.
  • Entering contracts. For example: This email doesn't form a contract.
  • Negligent misstatement. For example: This email doesn't consist of advice and shouldn't be used.
  • Employer's liability. For example: Don't send offensive emails and Company email systems are subject to monitoring.

The main problem with disclaimers is that courts may take a different view of the legal position of the content of the message as compared to the information set out in the disclaimer. However, they can indicate that the sender's organization has attempted to prevent, for example, a virus outbreak at a client site by warning the recipient to have the incoming email scanned.

Disclaimers can also be added for marketing reasons, although these types of disclaimers are more like footnotes or email signatures.

To use the Exchange admin center to set up a disclaimer that bypasses spam filtering, complete the following steps:

  1. In the Microsoft 365 admin center, select Show all in the left-hand navigation pane, and then under the list of Admin centers, select Exchange. A new tab will open that displays the Exchange admin center for Exchange Online.

  2. In the Exchange admin center, in the left-hand navigation pane, select Mail flow, and then select Rules.

  3. In the Rules window, select the Add a rule on the menu bar. In the drop-down menu that appears, select Apply disclaimers.

  4. In the new transport rule window that appears, enter a descriptive name such as Corporate Disclaimer in the Name field.

  5. Under Apply this rule if, select the drop-down arrow in the field and then select The recipient and then is external/internal.

  6. In the select recipient location box, select Outside the organization and select save.

  7. Under Do the following, the action should already be set to Append the disclaimer.

  8. Select Enter text, and in the Specify disclaimer text box, enter the text of the disclaimer, then select Save.

    Tip

    In the Specify disclaimer text box, you can insert plain text, HTML, and inline CSS, including user based dynamic information from Active Directory.

  9. To the right of Fall back to action, select Select one, then in the Specify fallback action box, select Wrap, Ignore, or Reject, and then select Save.

  10. Under Except if, select the drop-down menu and include any of the options for excluding senders, recipients, or messages.

Further reading. For more information, see Organization-wide disclaimers, signatures, footers, or headers in Exchange Server and Manage mail flow rules.