Examine how mail flow rules work
A mail flow rule is made up of the following conditions, exceptions, actions, and properties:
- Conditions: Identify the messages that you want to apply the actions to. Some conditions examine message header fields (for example, the To, From, or Cc fields). Other conditions examine message properties (for example, the message subject, body, attachments, message size, or message classification). Most conditions require you to specify a comparison operator (for example, equals, doesn't equal, or contains) and a value to match. If there are no conditions or exceptions, the rule is applied to all messages.
- Exceptions: Optionally identify the messages that the actions shouldn't apply to. The same message identifiers that are available in conditions are also available in exceptions. Exceptions override conditions and prevent the rule actions from being applied to a message, even if the message matches all of the configured conditions.
- Actions: Specify what to do to messages that match the conditions in the rule, and don't match any of the exceptions. There are many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.
- Properties: Specify other rules settings that aren't conditions, exceptions or actions. For example, when the rule should be applied, whether to enforce or test the rule, and the time period when the rule is active.enforce or test the rule, and the time period when the rule is active.
The following table identifies how multiple conditions, condition values, exceptions, and actions are handled in a rule.
| Component | Logic | Comments |
|---|---|---|
| Multiple conditions | AND | A message must match all the conditions in the rule. If you need to match one condition or another, use separate rules for each condition. For example, if you want to add the same disclaimer to messages with attachments and messages that contain specific text, create one rule for each condition. In the EAC, you can easily copy a rule. |
| One condition with multiple values | OR | Some conditions allow you to specify more than one value. The message must match any one (not all) of the specified values. For example, if an email message has the subject Stock price information, and the The subject includes any of these words condition is configured to match the words Contoso or stock, the condition is satisfied because the subject contains at least one of the specified values. |
| Multiple exceptions | OR | If a message matches any one of the exceptions, the actions are not applied to the message. The message doesn't have to match all the exceptions. |
| Multiple actions | AND | Messages that match a rule's conditions get all the actions that are specified in the rule. For example, if the actions Prepend the subject of the message with and Add recipients to the Bcc box are selected, both actions are applied to the message. Keep in mind that some actions (for example, the Delete the message without notifying anyone action) prevent subsequent rules from being applied to a message. Other actions (for example, the Forward the message) don't allow additional actions. You can also set an action on a rule so that when that rule is applied, subsequent rules are not applied to the message. |
Mail flow rule properties
You can also use the Set-TransportRule cmdlet to modify existing mail flow rules in your organization. Below is a list of properties not available in the EAC that you can change.
| Condition Name in the EAC | Condition name in Exchange Online PowerShell | Description |
|---|---|---|
| Stop Processing Rules | StopRuleProcessing | Enables you to stop processing additional rules |
| Header/Envelope matching | SenderAddressLocation | Enables you to examine the SMTP message envelope to ensure the header and envelop match |
| Audit severity | SetAuditSeverity | Enables you to select a severity level for the audit |
| Rule modes | Mode | Enables you to set the mode for the rule |
Differences in processing based on message type
There are several types of messages that pass through an organization. The following table shows which messages types can be processed by mail flow rules.
| Type of message | Can a rule be applied? |
|---|---|
| Regular messages: Messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies. | Yes |
| Message Encryption: Messages encrypted by Message Encryption in Microsoft 365 or Office 365. | Rules can always access envelope headers and process messages based on conditions that inspect those headers. For a rule to inspect or modify the contents of an encrypted message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). You can also create a rule that automatically decrypts encrypted messages. |
| S/MIME encrypted messages | Rules can only access envelope headers and process messages based on conditions that inspect those headers. Rules with conditions that require inspection of the message's content, or actions that modify the message's content can't be processed. |
| RMS protected messages: Messages that had an Active Directory Rights Management Services (AD RMS) or Azure Rights Management (RMS) policy applied. | Rules can always access envelope headers and process messages based on conditions that inspect those headers. For a rule to inspect or modify the contents of an RMS protected message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). |
| Clear-signed messages: Messages that have been signed but not encrypted. | Yes |
| Anonymous messages: Messages sent by anonymous senders. | Yes |
Read reports: Reports that are generated in response to read receipt requests by senders. Read reports have a message class of IPM.Note*.MdnRead or IPM.Note*.MdnNotRead. |
Yes |