Dela via


Mail flow rule conditions and exceptions (predicates) in Exchange Online

Conditions and exceptions in mail flow rules (also known as transport rules) identify the messages that the rule is applied to or not applied to. For example, if the rule adds a disclaimer to messages, you can configure the rule to only apply to messages that contain specific words, messages sent by specific users, or to all messages except those sent by the members of a specific distribution group. Collectively, the conditions and exceptions in mail flow rules are also known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is that conditions specify messages to include, while exceptions specify messages to exclude.

Most conditions and exceptions have one property that requires one or more values. For example, the The sender is condition requires the sender of the message. Some conditions have two properties. For example, the A message header includes any of these words condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions don't have any properties. For example, the Any attachment has executable content condition simply looks for attachments in messages that have executable content.

For more information about mail flow rules in Exchange Online, including how multiple conditions/exceptions or multi-valued conditions/exceptions are handled, see Mail flow rules (transport rules) in Exchange Online.

Conditions and exceptions for mail flow rules in Exchange Online

The tables in the following sections describe the conditions and exceptions that are available in mail flow rules in Exchange Online. The property types are described in the Property types section.

Senders

Recipients

Message subject or body

Attachments

Any recipients

Message sensitive information types, To and Cc values, size, and character sets

Sender and recipient

Message properties

Message headers

Notes:

  • After you select a condition or exception in the Exchange admin center (EAC), the value that's ultimately shown in the Apply this rule if or Except if field is often different (shorter) than the "click path value" you selected. Also, when you create new rules based on a template (a filtered list of scenarios), you can often select a short condition name instead of following the complete click path. The short names and full click path values are shown in the EAC column in the tables.

  • If you select [Apply to all messages] in the EAC, you can't specify any other conditions. The equivalent in PowerShell is to create a rule without specifying any condition parameters.

  • The settings and properties are the same in conditions and exceptions; so, the output of the Get-TransportRulePredicate cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names, and a predicate might require multiple parameters.

Senders

For conditions and exceptions that examine the sender's address, you can specify where rule looks for the sender's address.

In the EAC, in the Properties of this rule section, select Match sender address in message. You might need to select More options to see this setting. In PowerShell, the parameter is SenderAddressLocation. The available values are:

  • Header: Only examine senders in the message headers (From field). This value is the default value.

  • Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field). Message envelope searching is only available for the following conditions (and the corresponding exceptions):

    • The sender is (From)
    • The sender is a member of (FromMemberOf)
    • The sender address includes (FromAddressContainsWords)
    • The sender address matches (FromAddressMatchesPatterns)
    • The sender's domain is (SenderDomainIs)
  • Header or envelope (HeaderOrEnvelope) Examine senders in the message header and the message envelope.

Note

In the automatic-forwarding scenario, the sender address for forwarded mail is the address of the original sender and not the forwarder. For more information, see A transport rule doesn't match if user mailbox rules automatically forward messages

In the Auto-Reply scenario, sender is determined by checking SenderAddressLocation.

  • If you set -Headers, the sender will be a user-generated Auto-Reply message.
  • If you set -Envelope, the sender will be a user who sent original message.
Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The sender is

The sender > is this person

From
ExceptIfFrom
Addresses Messages that are sent by the specified mailboxes, mail users, mail contacts, or Microsoft 365 groups in the organization.

For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section.

The sender is located

The sender > is external/internal

FromScope
ExceptIfFromScope
UserScopeFrom Messages that are sent by either internal senders or external senders.
The sender is a member of

The sender > is a member of this group

FromMemberOf
ExceptIfFromMemberOf
Addresses Messages that are sent by a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group.

For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section.

The sender address includes

The sender > address includes any of these words

FromAddressContainsWords
ExceptIfFromAddressContainsWords
Words Messages that contain the specified words in the sender's email address.
The sender address matches

The sender > address matches any of these text patterns

FromAddressMatchesPatterns
ExceptIfFromAddressMatchesPatterns
Patterns Messages where the sender's email address contains text patterns that match the specified regular expressions.

For more information about regular expressions, see Regular expressions to be used in transport rules.

The sender is on a recipient's list

The sender > is on a recipient's supervision list

SenderInRecipientList
ExceptIfSenderInRecipientList
SupervisionList Messages where the sender is on the recipient's Allowlist or Blocklist.
The sender's specified properties include any of these words

The sender > has specific properties including any of these words

SenderADAttributeContainsWords
ExceptIfSenderADAttributeContainsWords
First property: ADAttribute

Second property: Words

Messages where the specified Active Directory attribute of the sender contains any of the specified words.

The Country attribute requires the two-letter country code value (for example, DE for Germany).

The sender's specified properties match these text patterns

The sender > has specific properties matching these text patterns

SenderADAttributeMatchesPatterns
ExceptIfSenderADAttributeMatchesPatterns
First property: ADAttribute

Second property: Patterns

Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions.
Sender's IP address is in the range

The sender > IP address is in any of these ranges or exactly matches

SenderIPRanges
ExceptIfSenderIPRanges
IPAddressRanges Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range.
The IP address that's used during evaluation of this condition is the address of the last hop before reaching the service. This IP address is not guaranteed to be the original sender's IP address, especially if third-party software is used during message transport.
The sender's domain is

The sender > domain is

SenderDomainIs
ExceptIfSenderDomainIs
DomainName Messages where the domain of the sender's email address matches the specified value.

This predicate will match domains and subdomains with domain provided. For example:

For the value "domain.com", both domain "domain.com" and subdomain "subdomain.domain.com" will be matched.

Recipients

For conditions and exceptions that examine the recipient's address, you can specify where rule looks for the recipient's address by using the RecipientAddressType parameter in PowerShell. Valid values are:

  • Original: Checks the original address in the To field of the email.
  • Resolved: Examine the recipient's primary SMTP email address (not proxy addresses). This value is the default value.

Note

If the Mail flow rule is configured to check for the recipient where the recipient is a distribution group, the rule won't be matched. When the message is sent to a distribution group, the group will be resolved to distinct users of that group before reaching Mail flow rules and instead, will check every member of a group.

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The recipient is

The recipient > is this person

SentTo
ExceptIfSentTo
Addresses Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the organization. The recipients can be in the To, Cc, or Bcc fields of the message.

Note: You can't specify distribution groups, mail-enabled security groups, or Microsoft 365 groups. If you need to take action on messages that are sent to a group, use the To box contains(AnyOfToHeader) condition instead.

The recipient is located

The recipient > is external/external

SentToScope
ExceptIfSentToScope
UserScopeTo Messages that are sent to internal or external recipients.
The recipient is a member of

The recipient > is a member of this group

SentToMemberOf
ExceptIfSentToMemberOf
Addresses Messages that contain recipients who are members of the specified distribution group, mail-enabled security group, or Microsoft 365 group. The group can be in the To, Cc, or Bcc fields of the message.

For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section.

The recipient address includes

The recipient > address includes any of these words

RecipientAddressContainsWords
ExceptIfRecipientAddressContainsWords
Words Messages that contain the specified words in the recipient's email address.

Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.

The recipient address matches

The recipient > address matches any of these text patterns

RecipientAddressMatchesPatterns
ExceptIfRecipientAddressMatchesPatterns
Patterns Messages where a recipient's email address contains text patterns that match the specified regular expressions.

Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.

The recipient is on the sender's list

The recipient > is on the sender's supervision list

RecipientInSenderList
ExceptIfRecipientInSenderList
SupervisionList Messages where the recipient is on the sender's Allowlist or Blocklist.
The recipient's specified properties include any of these words

The recipient > has specific properties including any of these words

RecipientADAttributeContainsWords
ExceptIfRecipientADAttributeContainsWords
First property: ADAttribute

Second property: Words

Messages where the specified Active Directory attribute of a recipient contains any of the specified words.

The Country attribute requires the two-letter country code value (for example, DE for Germany).

The recipient's specified properties match these text patterns

The recipient > has specific properties matching these text patterns

RecipientADAttributeMatchesPatterns
ExceptIfRecipientADAttributeMatchesPatterns
First property: ADAttribute

Second property: Patterns

Messages where the specified Active Directory attribute of a recipient contains text patterns that match the specified regular expressions.
A recipient's domain is

The recipient > domain is

RecipientDomainIs
ExceptIfRecipientDomainIs
DomainName Messages where the domain of a recipient's email address matches the specified value.

This predicate will match domains and subdomains with domain provided. For example:

For the value "domain.com", both domain "domain.com" and subdomain "subdomain.domain.com" will be matched.

Message subject or body

Note

The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The subject or body includes

The subject or body > subject or body includes any of these words

SubjectOrBodyContainsWords
ExceptIfSubjectOrBodyContainsWords
Words Messages that have the specified words in the Subject field or message body.
The subject or body matches

The subject or body > subject or body matches these text patterns

SubjectOrBodyMatchesPatterns
ExceptIfSubjectOrBodyMatchesPatterns
Patterns Messages where the Subject field or message body contains text patterns that match the specified regular expressions.
The subject includes

The subject or body > subject includes any of these words

SubjectContainsWords
ExceptIfSubjectContainsWords
Words Messages that have the specified words in the Subject field.
The subject matches

The subject or body > subject matches these text patterns

SubjectMatchesPatterns
ExceptIfSubjectMatchesPatterns
Patterns Messages where the Subject field contains text patterns that match the specified regular expressions.

Attachments

For more information about how mail flow rules inspect message attachments, see Use mail flow rules to inspect message attachments in Exchange Online.

Tip

If you suspect that your rule isn't working properly, first check which attachments the message contains. To inspect which attachment/s the message contained during Mail flow rule evaluation, see Test-TextExtraction.

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
Any attachment's content includes

Any attachment > content includes any of these words

AttachmentContainsWords
ExceptIfAttachmentContainsWords
Words Messages where an attachment contains the specified words.
Any attachments content matches

Any attachment > content matches these text patterns

AttachmentMatchesPatterns
ExceptIfAttachmentMatchesPatterns
Patterns Messages where an attachment contains text patterns that match the specified regular expressions.

Note: Only the first 150 kilobytes (KB) of the attachments are scanned.

Any attachment's content can't be inspected

Any attachment > content can't be inspected

AttachmentIsUnsupported
ExceptIfAttachmentIsUnsupported
n/a Mail flow rules only can inspect the content of supported file types. If the mail flow rule finds an attachment file type that isn't supported, the AttachmentIsUnsupported condition is triggered. Supported file types for an attachment are listed here Use mail flow rules to inspect message attachments in Exchange Online.
Any attachment's file name matches

Any attachment > file name matches these text patterns

AttachmentNameMatchesPatterns
ExceptIfAttachmentNameMatchesPatterns
Patterns Messages where an attachment's file name contains text patterns that match the specified regular expressions.
Any attachment's file extension matches

Any attachment > file extension includes these words

AttachmentExtensionMatchesWords
ExceptIfAttachmentExtensionMatchesWords
Words Messages where an attachment's file extension matches any of the specified words.
Note: Nested attachments (files inside original attachments) extensions and original attachment extensions are inspected. If you want to see all attachment extensions evaluated by a mail flow rule for a specific message, see Test-TextExtraction.
Any attachment is greater than or equal to

Any attachment > size is greater than or equal to

AttachmentSizeOver
ExceptIfAttachmentSizeOver
Size Messages where any attachment is greater than or equal to the specified value.

In the EAC, you can only specify the size in kilobytes (KB).

The message didn't complete scanning

Any attachment > didn't complete scanning

AttachmentProcessingLimitExceeded
ExceptIfAttachmentProcessingLimitExceeded
n/a Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.
Any attachment has executable content

Any attachment > has executable content

AttachmentHasExecutableContent
ExceptIfAttachmentHasExecutableContent
n/a Messages where an attachment is an executable file. The system inspects the file's properties rather than relying on the file's extension. To understand better this condition/exception, see Use mail flow rules to inspect message attachments in Exchange Online
Any attachment is password protected

Any attachment > is password protected

AttachmentIsPasswordProtected
ExceptIfAttachmentIsPasswordProtected
n/a Messages where an attachment is password protected (and therefore can't be scanned). Password detection works for Office documents, archive documents (.zip, .7z), and .pdf files.
has these properties, including any of these words

Any attachment > has these properties, including any of these words

AttachmentPropertyContainsWords
ExceptIfAttachmentPropertyContainsWords
First property: DocumentProperties

Second property: Words

Messages where the specified property of an attached Office document contains the specified words.

This condition helps you integrate mail flow rules with SharePoint, File Classification Infrastructure (FCI) in Windows Server 2012 R2 or later, or a third-party classification system.

You can select from a list of built-in properties, or specify a custom property.

Any recipients

The conditions and exceptions in this section provide a unique capability that affects all recipients when the message contains at least one of the specified recipients. For example, let's say you have a rule that rejects messages. If you use a recipient condition from the Recipients section, the message is only rejected for those specified recipients. For example, if the rule finds the specified recipient in a message, but the message contains five other recipients, then the message is rejected for that one recipient, and is delivered to the five other recipients.

If you add a recipient condition from this section, that same message is rejected for the detected recipient and the five other recipients.

Conversely, a recipient exception from this section prevents the rule action from being applied to all recipients of the message, not just for the detected recipients.

Note

These conditions don't consider messages that are sent to recipient proxy addresses. They only match messages that are sent to the recipient's primary email address.

These conditions are applied to all recipients in the current fork of the message only. If the message was bifurcated by any other action (for example, anti-malware or an earlier mail flow rule), the action will be applied on the matching fork only.

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
Any recipient address includes

Any recipient > address includes any of these words

AnyOfRecipientAddressContainsWords
ExceptIfAnyOfRecipientAddressContainsWords
Words Messages that contain the specified words in the To, Cc, or Bcc fields of the message.
Any recipient address matches

Any recipient > address matches any of these text patterns

AnyOfRecipientAddressMatchesPatterns
ExceptIfAnyOfRecipientAddressMatchesPatterns
Patterns Messages where the To, Cc, or Bcc fields contain text patterns that match the specified regular expressions.

Message sensitive information types, To and Cc values, size, and character sets

The conditions in this section that look for values in the To and Cc fields behave like the conditions in the Any recipients section (all recipients of the message are affected by the rule, not just the detected recipients).

Notes:

  • The recipient conditions in this section don't consider messages that are sent to recipient proxy addresses. They only match messages that are sent to the recipient's primary email address.
  • For more information about using Microsoft 365 groups with the recipient conditions in this section, see the Addresses entry in the Property types section.
Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The To box contains

The message > To box contains this person

AnyOfToHeader
ExceptIfAnyOfToHeader
Addresses Messages where the To field includes any of the specified recipients.
The To box contains a member of

The message > To box contains a member of this group

AnyOfToHeaderMemberOf
ExceptIfAnyOfToHeaderMemberOf
Addresses Messages where the To field contains a recipient who is a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group.
The Cc box contains

The message > Cc box contains this person

AnyOfCcHeader
ExceptIfAnyOfCcHeader
Addresses Messages where the Cc field includes any of the specified recipients.
The Cc box contains a member of

The message > contains a member of this group

AnyOfCcHeaderMemberOf
ExceptIfAnyOfCcHeaderMemberOf
Addresses Messages where the Cc field contains a recipient who is a member of the specified distribution group or mail-enabled security group.
The To or Cc box contains

The message > To or Cc box contains this person

AnyOfToCcHeader
ExceptIfAnyOfToCcHeader
Addresses Messages where the To or Cc fields contains any of the specified recipients.
The To or Cc box contains a member of

The message > To or Cc box contains a member of this group

AnyOfToCcHeaderMemberOf
ExceptIfAnyOfToCcHeaderMemberOf
Addresses Messages where the To or Cc fields contains a recipient who is a member of the specified distribution group or mail-enabled security group.
The message size is greater than or equal to

The message > size is greater than or equal to

MessageSizeOver
ExceptIfMessageSizeOver
Size Messages where the total size (message plus attachments) is greater than or equal to the specified value.

In the EAC, you can only specify the size in kilobytes (KB).

Note: Message size limits on mailboxes are evaluated before mail flow rules' action. A message that's too large for a mailbox will be rejected before a rule with this condition is able to act on the message.

The message character set name includes any of these words

The message > character set name includes any of these words

ContentCharacterSetContainsWords
ExceptIfContentCharacterSetContainsWords
CharacterSets Messages that have any of the specified character set names.

Sender and recipient

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The sender is one of the recipient's

The sender and the recipient > the sender's relationship to a recipient is

SenderManagementRelationship
ExceptIfSenderManagementRelationship
ManagementRelationship Messages where the sender is either the manager of a recipient or is managed by a recipient.
The message is between members of these groups

The sender and the recipient > the message is between members of these groups

BetweenMemberOf1 and BetweenMemberOf2
ExceptIfBetweenMemberOf1 and ExceptIfBetweenMemberOf2
Addresses Messages that are sent between members of the specified distribution groups or mail-enabled security groups.

For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section.

The manager of the sender or recipient is

The sender and the recipient > the manager of the sender or recipient is this person

ManagerForEvaluatedUser and ManagerAddress
ExceptIfManagerForEvaluatedUser and ExceptIfManagerAddress
First property: EvaluatedUser

Second property: Addresses

Messages where a specified user is either the manager of the sender or of a recipient.
The sender's and any recipient's property compares as

The sender and the recipient > the sender and recipient property compares as

ADComparisonAttribute and ADComparisonOperator
ExceptIfADComparisonAttribute and ExceptIfADComparisonOperator
First property: ADAttribute

Second property: Evaluation

Messages where the specified Active Directory attributes for the sender and recipient either match or don't match.

Message properties

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
The message type is

The message properties > include the message type

MessageTypeMatches
ExceptIfMessageTypeMatches
MessageType Messages of the specified type.
Note: When Outlook or Outlook on the web (formerly known as Outlook Web App) is configured to forward a message, the ForwardingSmtpAddress property is added to the message. In thin clients like Outlook on the web, encryption as a message type is currently not supported.
If the message has been forwarded using mailbox forwarding (also known as SMTP Forwarding), this condition/exception will not match during mail flow rule evaluation.
The message is classified as

The message properties > include this classification

HasClassification
ExceptIfHasClassification
MessageClassification Messages that have the specified message classification. This classification is a custom message classification that you can create in your organization by using the New-MessageClassification cmdlet.

Note: This condition/exception isn't available in standalone EOP environments.

The message isn't marked with any classifications

The message properties > don't include any classification

HasNoClassification
ExceptIfHasNoClassification
n/a Messages that don't have a message classification.

Note: This condition/exception isn't available in standalone EOP environments.

The message importance is set to

The message properties > include the importance level

WithImportance
ExceptIfWithImportance
Importance Messages that are marked with the specified "Importance" level.

Message headers

Note

The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.

Condition or exception in the EAC Condition and exception parameters in Exchange Online PowerShell Property type Description
A message header includes

A message header > includes any of these words

HeaderContainsMessageHeader and HeaderContainsWords
ExceptIfHeaderContainsMessageHeader and ExceptIfHeaderContainsWords
First property: MessageHeaderField

Second property: Words

Messages that contain the specified header field, and the value of that header field contains the specified words.

The name of the header field and the value of the header field are always used together.

A message header matches

A message header > matches these text patterns

HeaderMatchesMessageHeader and HeaderMatchesPatterns
ExceptIfHeaderMatchesMessageHeader and ExceptIfHeaderMatchesPatterns
First property: MessageHeaderField

Second property: Patterns

Messages that contain the specified header field, and the value of that header field contains the specified regular expressions.

The name of the header field and the value of the header field are always used together.

Property types

The property types that are used in conditions and exceptions are described in the following table:

Note

If the property is a string, trailing spaces aren't allowed.

Property type Valid values Description
ADAttribute Select from a predefined list of Active Directory attributes You can check against any of the following Active Directory attributes:
  • City
  • Company
  • Country
  • CustomAttribute1 - CustomAttribute15
  • Department
  • DisplayName
  • Email
  • FaxNumber
  • FirstName
  • HomePhoneNumber
  • Initials
  • LastName
  • Manager
  • MobileNumber
  • Notes
  • Office
  • OtherFaxNumber
  • OtherHomePhoneNumber
  • OtherPhoneNumber
  • PagerNumber
  • PhoneNumber
  • POBox
  • State
  • Street
  • Title
  • UserLogonName
  • ZipCode

In the EAC, to specify multiple words or text patterns for the same attribute, separate the values with commas. For example, the value San Francisco,Palo Alto for the City attribute looks for "City equals San Francisco" or "City equals Palo Alto".

In Exchange Online PowerShell, use the syntax "AttributeName1:Value1,Value 2 with spaces,Value3...","AttributeName2:Word4,Value 5 with spaces,Value6...", where Value is the word or text pattern that you want to match, for example, "City:San Francisco,Palo Alto" or "City:San Francisco,Palo Alto", "Department:Sales,Finance".

When you specify multiple attributes, or multiple values for the same attribute, the or operator is used. Don't use values with leading or trailing spaces.

The Country attribute requires the two-letter ISO 3166-1 country code value (for example, DE for Germany). For more information, see Country Codes - ISO 3166.

Addresses Exchange Online recipients Depending on the nature of the condition or exception, you might be able to specify any mail-enabled object in the organization (for example, recipient-related conditions), or you might be limited to a specific object type (for example, groups for group membership conditions). And, the condition or exception might require one value, or allow multiple values.

In Exchange Online PowerShell, separate the multiple values by commas.

This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.

The recipient picker in the EAC doesn't allow you to select Microsoft 365 groups from the list of recipients. But, you can enter the email address of a Microsoft 365 group in the box next to Check names, and then validate the email address by selecting Check names, which will add the group to the add box.

CharacterSets Array of character set names One or more content character sets that exist in a message. For example:
  • Arabic/iso-8859-6
  • Chinese/big5
  • Chinese/euc-cn
  • Chinese/euc-tw
  • Chinese/gb2312
  • Chinese/iso-2022-cn
  • Cyrillic/iso-8859-5
  • Cyrillic/koi8-r
  • Cyrillic/windows-1251
  • Greek/iso-8859-7
  • Hebrew/iso-8859-8
  • Japanese/euc-jp
  • Japanese/iso-022-jp
  • Japanese/shift-jis
  • Korean/euc-kr
  • Korean/johab
  • Korean/ks_c_5601-1987
  • Turkish/windows-1254
  • Turkish/iso-8859-9
  • Vietnamese/tcvn
DomainName Array of SMTP domains For example, contoso.com or eu.contoso.com.

In Exchange Online PowerShell, you can specify multiple domains separated by commas.

EvaluatedUser Single value of Sender or Recipient Specifies whether the rule is looking for the manager of the sender or of the recipient.
Evaluation Single value of Equal or Not equal (NotEqual) When comparing the Active Directory attribute of the sender and recipients, this property specifies whether the values should match, or not match.
Importance Single value of Low, Normal, or High The "Importance" level that was assigned to the message by the sender in Outlook or Outlook on the web.
IPAddressRanges Array of IP addresses or address ranges You enter the IPv4 addresses using the following syntax:
  • Single IP address: For example, 192.168.1.1.
  • IP address range: For example, 192.168.0.1-192.168.0.254.
  • Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.

In Exchange Online PowerShell, you can specify multiple IP addresses or ranges separated by commas.

ManagementRelationship Single value of Manager or Direct report (DirectReport) Specifies the relationship between the sender and any of the recipients. The rule checks the Manager attribute in Active Directory to see if the sender is the manager of a recipient or is managed by a recipient.
MessageClassification Single message classification In the EAC, you select from the list of message classifications that you've created.

In Exchange Online PowerShell, you use the Get-MessageClassification cmdlet to identify the message classification.

For example, use the following command to search for messages with the Company Internal classification and prepend the message subject with the value CompanyInternal: New-TransportRule "Rule Name" -HasClassification @(Get-MessageClassification "Company Internal").Identity -PrependSubject "CompanyInternal"

MessageHeaderField Single string Specifies the name of the header field. The name of the header field is always paired with the value in the header field (word or text pattern match). The message header is a collection of required and optional header fields in the message. Examples of header fields are To, From, Received, and Content-Type. Official header fields are defined in RFC 5322. Unofficial header fields start with X- and are known as X-headers.
MessageType Single message type value Specifies one of the following message types:
  • Automatic reply (OOF)
  • Auto-forward (AutoForward)
  • Encrypted
  • Calendaring
  • Permission controlled (PermissionControlled)
  • Voicemail
  • Signed
  • Approval request (ApprovalRequest)
  • Read receipt (ReadReceipt)

Note: When Outlook or Outlook on the web is configured to forward a message, the ForwardingSmtpAddress property is added to the message.

Patterns Array of regular expressions Specifies one or more regular expressions that are used to identify text patterns in values. For more information, see Regular Expression Syntax.

In Exchange Online PowerShell, you specify multiple regular expressions separated by commas, and you enclose each regular expression within quotation marks (").
Regular Expressions used in Transport Rules are NOT case sensitive.

SCLValue One of the following values:
  • Bypass spam filtering (-1)
  • Integers 0 through 9
Specifies the spam confidence level (SCL) that's assigned to a message. A higher SCL value indicates that a message is more likely to be spam.
Size Single size value Specifies the size of an attachment or the whole message.

In the EAC, you can only specify the size in kilobytes (KB).

In Exchange Online PowerShell, when you enter a value, qualify the value with one of the following units:

  • B (bytes)
  • KB (kilobytes)
  • MB (megabytes)
  • GB (gigabytes)

For example, 20 MB. Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.

SupervisionList Single value of Allow or Block Supervision policies were a feature in Live@edu that allowed you to control who could send mail to and receive mail from users in your organization (for example, the closed campus and anti-bullying policies). In Microsoft 365 and Office 365, you can't configure supervision list entries on mailboxes.
UserScopeFrom Single value of Inside the organization (InOrganization) or Outside the organization (NotInOrganization) A sender is considered to be inside the organization if either of the following conditions is true:
  • The message was sent or received over an authenticated connection AND the sender meets at least one of the following criteria: The sender is a mailbox or a mail user or a group, or a mail-enabled public folder in the organization.
  • The sender's email address is in an accepted domain that's configured as an authoritative domain or in an internal relay domain, and the message was sent or received over an authenticated connection. For more information about accepted domains, see Manage accepted domains in Exchange Online.

A sender is considered to be outside the organization if either of the following conditions is true:

  • The sender's email address isn't in an accepted domain.
  • The sender's email address is in an accepted domain that's configured as an external relay domain.

Note: To determine whether mail contacts are considered to be inside or outside the organization, the sender's address is compared with the organization's accepted domains.

UserScopeTo One of the following values:
  • Inside the organization (InOrganization)
  • Outside the organization (NotInOrganization)
A recipient is considered to be inside the organization if any of the following conditions are true:
  • The recipient is a mailbox, mail user, group, or mail-enabled public folder that exists inside the organization.
  • The recipient's email address is in an accepted domain that's configured as an authoritative domain or in an internal relay domain, and the message was sent or received over an authenticated connection.
  • The recipient's domain is in a remote domain with the IsInternal parameter being set to the value $true.

A recipient is considered to be outside the organization if either of the following conditions is true:

  • The recipient's email address isn't in an accepted domain.
  • The recipient's email address is in an accepted domain that's configured as an external relay domain.
Words Array of strings Specifies one or more words to look for. The words aren't case-sensitive, and can be surrounded by spaces and punctuation marks. Wildcards and partial matches aren't supported. For example, "contoso" matches " Contoso".

However, if the text is surrounded by other characters, it isn't considered a match. For example, "contoso" doesn't match the following values:

  • Acontoso
  • Contosoa
  • Acontosob

The asterisk (*) is treated as a literal character, and isn't used as a wildcard character.

The "at" sign (@) is also treated as a literal character. Therefore, if it's used when searching Recipient Addresses, it won't match. For example:

  • @contoso.com won't match user@contoso.com
  • contoso.com will match user@contoso.com

In this scenario, the correct way to set up matching patterns is to use either ExceptIfRecipientDomainIs or ExceptIfRecipientAddressMatchesPatterns

For more information

Mail flow rules (transport rules) in Exchange Online

Mail flow rule actions in Exchange Online

Mail flow rules (transport rules) in Exchange Online

New-TransportRule