Mail flow rule conditions and exceptions (predicates) in Exchange Online
Conditions and exceptions in mail flow rules (also known as transport rules) identify the messages that the rule is applied to or not applied to. For example, if the rule adds a disclaimer to messages, you can configure the rule to only apply to messages that contain specific words, messages sent by specific users, or to all messages except those sent by the members of a specific distribution group. Collectively, the conditions and exceptions in mail flow rules are also known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is that conditions specify messages to include, while exceptions specify messages to exclude.
Most conditions and exceptions have one property that requires one or more values. For example, the The sender is condition requires the sender of the message. Some conditions have two properties. For example, the A message header includes any of these words condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions don't have any properties. For example, the Any attachment has executable content condition simply looks for attachments in messages that have executable content.
For more information about mail flow rules in Exchange Online, including how multiple conditions/exceptions or multi-valued conditions/exceptions are handled, see Mail flow rules (transport rules) in Exchange Online.
Conditions and exceptions for mail flow rules in Exchange Online
The tables in the following sections describe the conditions and exceptions that are available in mail flow rules in Exchange Online. The property types are described in the Property types section.
Message sensitive information types, To and Cc values, size, and character sets
Notes:
After you select a condition or exception in the Exchange admin center (EAC), the value that's ultimately shown in the Apply this rule if or Except if field is often different (shorter) than the "click path value" you selected. Also, when you create new rules based on a template (a filtered list of scenarios), you can often select a short condition name instead of following the complete click path. The short names and full click path values are shown in the EAC column in the tables.
If you select [Apply to all messages] in the EAC, you can't specify any other conditions. The equivalent in PowerShell is to create a rule without specifying any condition parameters.
The settings and properties are the same in conditions and exceptions; so, the output of the Get-TransportRulePredicate cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names, and a predicate might require multiple parameters.
Senders
For conditions and exceptions that examine the sender's address, you can specify where rule looks for the sender's address.
In the EAC, in the Properties of this rule section, select Match sender address in message. You might need to select More options to see this setting. In PowerShell, the parameter is SenderAddressLocation. The available values are:
Header: Only examine senders in the message headers (From field). This value is the default value.
Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field). Message envelope searching is only available for the following conditions (and the corresponding exceptions):
- The sender is (From)
- The sender is a member of (FromMemberOf)
- The sender address includes (FromAddressContainsWords)
- The sender address matches (FromAddressMatchesPatterns)
- The sender's domain is (SenderDomainIs)
Header or envelope (
HeaderOrEnvelope) Examine senders in the message header and the message envelope.
Note
In the automatic-forwarding scenario, the sender address for forwarded mail is the address of the original sender and not the forwarder. For more information, see A transport rule doesn't match if user mailbox rules automatically forward messages
In the Auto-Reply scenario, sender is determined by checking SenderAddressLocation.
- If you set -Headers, the sender will be a user-generated Auto-Reply message.
- If you set -Envelope, the sender will be a user who sent original message.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The sender is The sender > is this person |
From ExceptIfFrom |
Addresses |
Messages that are sent by the specified mailboxes, mail users, mail contacts, or Microsoft 365 groups in the organization. For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section. |
| The sender is located The sender > is external/internal |
FromScope ExceptIfFromScope |
UserScopeFrom |
Messages that are sent by either internal senders or external senders. |
| The sender is a member of The sender > is a member of this group |
FromMemberOf ExceptIfFromMemberOf |
Addresses |
Messages that are sent by a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group. For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section. |
| The sender address includes The sender > address includes any of these words |
FromAddressContainsWords ExceptIfFromAddressContainsWords |
Words |
Messages that contain the specified words in the sender's email address. |
| The sender address matches The sender > address matches any of these text patterns |
FromAddressMatchesPatterns ExceptIfFromAddressMatchesPatterns |
Patterns |
Messages where the sender's email address contains text patterns that match the specified regular expressions. For more information about regular expressions, see Regular expressions to be used in transport rules. |
| The sender is on a recipient's list The sender > is on a recipient's supervision list |
SenderInRecipientList ExceptIfSenderInRecipientList |
SupervisionList |
Messages where the sender is on the recipient's Allowlist or Blocklist. |
| The sender's specified properties include any of these words The sender > has specific properties including any of these words |
SenderADAttributeContainsWords ExceptIfSenderADAttributeContainsWords |
First property: ADAttribute Second property: |
Messages where the specified Active Directory attribute of the sender contains any of the specified words. The Country attribute requires the two-letter country code value (for example, DE for Germany). |
| The sender's specified properties match these text patterns The sender > has specific properties matching these text patterns |
SenderADAttributeMatchesPatterns ExceptIfSenderADAttributeMatchesPatterns |
First property: ADAttribute Second property: |
Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions. |
| Sender's IP address is in the range The sender > IP address is in any of these ranges or exactly matches |
SenderIPRanges ExceptIfSenderIPRanges |
IPAddressRanges |
Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range. The IP address that's used during evaluation of this condition is the address of the last hop before reaching the service. This IP address is not guaranteed to be the original sender's IP address, especially if third-party software is used during message transport. |
| The sender's domain is The sender > domain is |
SenderDomainIs ExceptIfSenderDomainIs |
DomainName |
Messages where the domain of the sender's email address matches the specified value. This predicate will match domains and subdomains with domain provided. For example: For the value "domain.com", both domain "domain.com" and subdomain "subdomain.domain.com" will be matched. |
Recipients
For conditions and exceptions that examine the recipient's address, you can specify where rule looks for the recipient's address by using the RecipientAddressType parameter in PowerShell. Valid values are:
- Original: Checks the original address in the To field of the email.
- Resolved: Examine the recipient's primary SMTP email address (not proxy addresses). This value is the default value.
Note
If the Mail flow rule is configured to check for the recipient where the recipient is a distribution group, the rule won't be matched. When the message is sent to a distribution group, the group will be resolved to distinct users of that group before reaching Mail flow rules and instead, will check every member of a group.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The recipient is The recipient > is this person |
SentTo ExceptIfSentTo |
Addresses |
Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the organization. The recipients can be in the To, Cc, or Bcc fields of the message. Note: You can't specify distribution groups, mail-enabled security groups, or Microsoft 365 groups. If you need to take action on messages that are sent to a group, use the To box contains(AnyOfToHeader) condition instead. |
| The recipient is located The recipient > is external/external |
SentToScope ExceptIfSentToScope |
UserScopeTo |
Messages that are sent to internal or external recipients. |
| The recipient is a member of The recipient > is a member of this group |
SentToMemberOf ExceptIfSentToMemberOf |
Addresses |
Messages that contain recipients who are members of the specified distribution group, mail-enabled security group, or Microsoft 365 group. The group can be in the To, Cc, or Bcc fields of the message. For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section. |
| The recipient address includes The recipient > address includes any of these words |
RecipientAddressContainsWords ExceptIfRecipientAddressContainsWords |
Words |
Messages that contain the specified words in the recipient's email address. Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address. |
| The recipient address matches The recipient > address matches any of these text patterns |
RecipientAddressMatchesPatterns ExceptIfRecipientAddressMatchesPatterns |
Patterns |
Messages where a recipient's email address contains text patterns that match the specified regular expressions. Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address. |
| The recipient is on the sender's list The recipient > is on the sender's supervision list |
RecipientInSenderList ExceptIfRecipientInSenderList |
SupervisionList |
Messages where the recipient is on the sender's Allowlist or Blocklist. |
| The recipient's specified properties include any of these words The recipient > has specific properties including any of these words |
RecipientADAttributeContainsWords ExceptIfRecipientADAttributeContainsWords |
First property: ADAttribute Second property: |
Messages where the specified Active Directory attribute of a recipient contains any of the specified words. The Country attribute requires the two-letter country code value (for example, DE for Germany). |
| The recipient's specified properties match these text patterns The recipient > has specific properties matching these text patterns |
RecipientADAttributeMatchesPatterns ExceptIfRecipientADAttributeMatchesPatterns |
First property: ADAttribute Second property: |
Messages where the specified Active Directory attribute of a recipient contains text patterns that match the specified regular expressions. |
| A recipient's domain is The recipient > domain is |
RecipientDomainIs ExceptIfRecipientDomainIs |
DomainName |
Messages where the domain of a recipient's email address matches the specified value. This predicate will match domains and subdomains with domain provided. For example: For the value "domain.com", both domain "domain.com" and subdomain "subdomain.domain.com" will be matched. |
Message subject or body
Note
The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The subject or body includes The subject or body > subject or body includes any of these words |
SubjectOrBodyContainsWords ExceptIfSubjectOrBodyContainsWords |
Words |
Messages that have the specified words in the Subject field or message body. |
| The subject or body matches The subject or body > subject or body matches these text patterns |
SubjectOrBodyMatchesPatterns ExceptIfSubjectOrBodyMatchesPatterns |
Patterns |
Messages where the Subject field or message body contains text patterns that match the specified regular expressions. |
| The subject includes The subject or body > subject includes any of these words |
SubjectContainsWords ExceptIfSubjectContainsWords |
Words |
Messages that have the specified words in the Subject field. |
| The subject matches The subject or body > subject matches these text patterns |
SubjectMatchesPatterns ExceptIfSubjectMatchesPatterns |
Patterns |
Messages where the Subject field contains text patterns that match the specified regular expressions. |
Attachments
For more information about how mail flow rules inspect message attachments, see Use mail flow rules to inspect message attachments in Exchange Online.
Tip
If you suspect that your rule isn't working properly, first check which attachments the message contains. To inspect which attachment/s the message contained during Mail flow rule evaluation, see Test-TextExtraction.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| Any attachment's content includes Any attachment > content includes any of these words |
AttachmentContainsWords ExceptIfAttachmentContainsWords |
Words |
Messages where an attachment contains the specified words. |
| Any attachments content matches Any attachment > content matches these text patterns |
AttachmentMatchesPatterns ExceptIfAttachmentMatchesPatterns |
Patterns |
Messages where an attachment contains text patterns that match the specified regular expressions. Note: Only the first 150 kilobytes (KB) of the attachments are scanned. |
| Any attachment's content can't be inspected Any attachment > content can't be inspected |
AttachmentIsUnsupported ExceptIfAttachmentIsUnsupported |
n/a | Mail flow rules only can inspect the content of supported file types. If the mail flow rule finds an attachment file type that isn't supported, the AttachmentIsUnsupported condition is triggered. Supported file types for an attachment are listed here Use mail flow rules to inspect message attachments in Exchange Online. |
| Any attachment's file name matches Any attachment > file name matches these text patterns |
AttachmentNameMatchesPatterns ExceptIfAttachmentNameMatchesPatterns |
Patterns |
Messages where an attachment's file name contains text patterns that match the specified regular expressions. |
| Any attachment's file extension matches Any attachment > file extension includes these words |
AttachmentExtensionMatchesWords ExceptIfAttachmentExtensionMatchesWords |
Words |
Messages where an attachment's file extension matches any of the specified words. Note: Nested attachments (files inside original attachments) extensions and original attachment extensions are inspected. If you want to see all attachment extensions evaluated by a mail flow rule for a specific message, see Test-TextExtraction. |
| Any attachment is greater than or equal to Any attachment > size is greater than or equal to |
AttachmentSizeOver ExceptIfAttachmentSizeOver |
Size |
Messages where any attachment is greater than or equal to the specified value. In the EAC, you can only specify the size in kilobytes (KB). |
| The message didn't complete scanning Any attachment > didn't complete scanning |
AttachmentProcessingLimitExceeded ExceptIfAttachmentProcessingLimitExceeded |
n/a | Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned. |
| Any attachment has executable content Any attachment > has executable content |
AttachmentHasExecutableContent ExceptIfAttachmentHasExecutableContent |
n/a | Messages where an attachment is an executable file. The system inspects the file's properties rather than relying on the file's extension. To understand better this condition/exception, see Use mail flow rules to inspect message attachments in Exchange Online |
| Any attachment is password protected Any attachment > is password protected |
AttachmentIsPasswordProtected ExceptIfAttachmentIsPasswordProtected |
n/a | Messages where an attachment is password protected (and therefore can't be scanned). Password detection works for Office documents, archive documents (.zip, .7z), and .pdf files. |
| has these properties, including any of these words Any attachment > has these properties, including any of these words |
AttachmentPropertyContainsWords ExceptIfAttachmentPropertyContainsWords |
First property: DocumentProperties Second property: |
Messages where the specified property of an attached Office document contains the specified words. This condition helps you integrate mail flow rules with SharePoint, File Classification Infrastructure (FCI) in Windows Server 2012 R2 or later, or a third-party classification system. You can select from a list of built-in properties, or specify a custom property. |
Any recipients
The conditions and exceptions in this section provide a unique capability that affects all recipients when the message contains at least one of the specified recipients. For example, let's say you have a rule that rejects messages. If you use a recipient condition from the Recipients section, the message is only rejected for those specified recipients. For example, if the rule finds the specified recipient in a message, but the message contains five other recipients, then the message is rejected for that one recipient, and is delivered to the five other recipients.
If you add a recipient condition from this section, that same message is rejected for the detected recipient and the five other recipients.
Conversely, a recipient exception from this section prevents the rule action from being applied to all recipients of the message, not just for the detected recipients.
Note
These conditions don't consider messages that are sent to recipient proxy addresses. They only match messages that are sent to the recipient's primary email address.
These conditions are applied to all recipients in the current fork of the message only. If the message was bifurcated by any other action (for example, anti-malware or an earlier mail flow rule), the action will be applied on the matching fork only.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| Any recipient address includes Any recipient > address includes any of these words |
AnyOfRecipientAddressContainsWords ExceptIfAnyOfRecipientAddressContainsWords |
Words |
Messages that contain the specified words in the To, Cc, or Bcc fields of the message. |
| Any recipient address matches Any recipient > address matches any of these text patterns |
AnyOfRecipientAddressMatchesPatterns ExceptIfAnyOfRecipientAddressMatchesPatterns |
Patterns |
Messages where the To, Cc, or Bcc fields contain text patterns that match the specified regular expressions. |
Message sensitive information types, To and Cc values, size, and character sets
The conditions in this section that look for values in the To and Cc fields behave like the conditions in the Any recipients section (all recipients of the message are affected by the rule, not just the detected recipients).
Notes:
- The recipient conditions in this section don't consider messages that are sent to recipient proxy addresses. They only match messages that are sent to the recipient's primary email address.
- For more information about using Microsoft 365 groups with the recipient conditions in this section, see the Addresses entry in the Property types section.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The To box contains The message > To box contains this person |
AnyOfToHeader ExceptIfAnyOfToHeader |
Addresses |
Messages where the To field includes any of the specified recipients. |
| The To box contains a member of The message > To box contains a member of this group |
AnyOfToHeaderMemberOf ExceptIfAnyOfToHeaderMemberOf |
Addresses |
Messages where the To field contains a recipient who is a member of the specified distribution group, mail-enabled security group, or Microsoft 365 group. |
| The Cc box contains The message > Cc box contains this person |
AnyOfCcHeader ExceptIfAnyOfCcHeader |
Addresses |
Messages where the Cc field includes any of the specified recipients. |
| The Cc box contains a member of The message > contains a member of this group |
AnyOfCcHeaderMemberOf ExceptIfAnyOfCcHeaderMemberOf |
Addresses |
Messages where the Cc field contains a recipient who is a member of the specified distribution group or mail-enabled security group. |
| The To or Cc box contains The message > To or Cc box contains this person |
AnyOfToCcHeader ExceptIfAnyOfToCcHeader |
Addresses |
Messages where the To or Cc fields contains any of the specified recipients. |
| The To or Cc box contains a member of The message > To or Cc box contains a member of this group |
AnyOfToCcHeaderMemberOf ExceptIfAnyOfToCcHeaderMemberOf |
Addresses |
Messages where the To or Cc fields contains a recipient who is a member of the specified distribution group or mail-enabled security group. |
| The message size is greater than or equal to The message > size is greater than or equal to |
MessageSizeOver ExceptIfMessageSizeOver |
Size |
Messages where the total size (message plus attachments) is greater than or equal to the specified value. In the EAC, you can only specify the size in kilobytes (KB). Note: Message size limits on mailboxes are evaluated before mail flow rules' action. A message that's too large for a mailbox will be rejected before a rule with this condition is able to act on the message. |
| The message character set name includes any of these words The message > character set name includes any of these words |
ContentCharacterSetContainsWords ExceptIfContentCharacterSetContainsWords |
CharacterSets |
Messages that have any of the specified character set names. |
Sender and recipient
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The sender is one of the recipient's The sender and the recipient > the sender's relationship to a recipient is |
SenderManagementRelationship ExceptIfSenderManagementRelationship |
ManagementRelationship |
Messages where the sender is either the manager of a recipient or is managed by a recipient. |
| The message is between members of these groups The sender and the recipient > the message is between members of these groups |
BetweenMemberOf1 and BetweenMemberOf2 ExceptIfBetweenMemberOf1 and ExceptIfBetweenMemberOf2 |
Addresses |
Messages that are sent between members of the specified distribution groups or mail-enabled security groups. For more information about using Microsoft 365 groups with this condition, see the Addresses entry in the Property types section. |
| The manager of the sender or recipient is The sender and the recipient > the manager of the sender or recipient is this person |
ManagerForEvaluatedUser and ManagerAddress ExceptIfManagerForEvaluatedUser and ExceptIfManagerAddress |
First property: EvaluatedUser Second property: |
Messages where a specified user is either the manager of the sender or of a recipient. |
| The sender's and any recipient's property compares as The sender and the recipient > the sender and recipient property compares as |
ADComparisonAttribute and ADComparisonOperator ExceptIfADComparisonAttribute and ExceptIfADComparisonOperator |
First property: ADAttribute Second property: |
Messages where the specified Active Directory attributes for the sender and recipient either match or don't match. |
Message properties
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| The message type is The message properties > include the message type |
MessageTypeMatches ExceptIfMessageTypeMatches |
MessageType |
Messages of the specified type. Note: When Outlook or Outlook on the web (formerly known as Outlook Web App) is configured to forward a message, the ForwardingSmtpAddress property is added to the message. In thin clients like Outlook on the web, encryption as a message type is currently not supported. If the message has been forwarded using mailbox forwarding (also known as SMTP Forwarding), this condition/exception will not match during mail flow rule evaluation. |
| The message is classified as The message properties > include this classification |
HasClassification ExceptIfHasClassification |
MessageClassification |
Messages that have the specified message classification. This classification is a custom message classification that you can create in your organization by using the New-MessageClassification cmdlet. Note: This condition/exception isn't available in standalone EOP environments. |
| The message isn't marked with any classifications The message properties > don't include any classification |
HasNoClassification ExceptIfHasNoClassification |
n/a | Messages that don't have a message classification. Note: This condition/exception isn't available in standalone EOP environments. |
| The message importance is set to The message properties > include the importance level |
WithImportance ExceptIfWithImportance |
Importance |
Messages that are marked with the specified "Importance" level. |
Message headers
Note
The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.
| Condition or exception in the EAC | Condition and exception parameters in Exchange Online PowerShell | Property type | Description |
|---|---|---|---|
| A message header includes A message header > includes any of these words |
HeaderContainsMessageHeader and HeaderContainsWords ExceptIfHeaderContainsMessageHeader and ExceptIfHeaderContainsWords |
First property: MessageHeaderField Second property: |
Messages that contain the specified header field, and the value of that header field contains the specified words. The name of the header field and the value of the header field are always used together. |
| A message header matches A message header > matches these text patterns |
HeaderMatchesMessageHeader and HeaderMatchesPatterns ExceptIfHeaderMatchesMessageHeader and ExceptIfHeaderMatchesPatterns |
First property: MessageHeaderField Second property: |
Messages that contain the specified header field, and the value of that header field contains the specified regular expressions. The name of the header field and the value of the header field are always used together. |
Property types
The property types that are used in conditions and exceptions are described in the following table:
Note
If the property is a string, trailing spaces aren't allowed.
| Property type | Valid values | Description |
|---|---|---|
ADAttribute |
Select from a predefined list of Active Directory attributes | You can check against any of the following Active Directory attributes:
In the EAC, to specify multiple words or text patterns for the same attribute, separate the values with commas. For example, the value In Exchange Online PowerShell, use the syntax When you specify multiple attributes, or multiple values for the same attribute, the or operator is used. Don't use values with leading or trailing spaces. The Country attribute requires the two-letter ISO 3166-1 country code value (for example, DE for Germany). For more information, see Country Codes - ISO 3166. |
Addresses |
Exchange Online recipients | Depending on the nature of the condition or exception, you might be able to specify any mail-enabled object in the organization (for example, recipient-related conditions), or you might be limited to a specific object type (for example, groups for group membership conditions). And, the condition or exception might require one value, or allow multiple values. In Exchange Online PowerShell, separate the multiple values by commas. This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address. The recipient picker in the EAC doesn't allow you to select Microsoft 365 groups from the list of recipients. But, you can enter the email address of a Microsoft 365 group in the box next to Check names, and then validate the email address by selecting Check names, which will add the group to the add box. |
CharacterSets |
Array of character set names | One or more content character sets that exist in a message. For example:
|
DomainName |
Array of SMTP domains | For example, contoso.com or eu.contoso.com. In Exchange Online PowerShell, you can specify multiple domains separated by commas. |
EvaluatedUser |
Single value of Sender or Recipient | Specifies whether the rule is looking for the manager of the sender or of the recipient. |
Evaluation |
Single value of Equal or Not equal (NotEqual) |
When comparing the Active Directory attribute of the sender and recipients, this property specifies whether the values should match, or not match. |
Importance |
Single value of Low, Normal, or High | The "Importance" level that was assigned to the message by the sender in Outlook or Outlook on the web. |
IPAddressRanges |
Array of IP addresses or address ranges | You enter the IPv4 addresses using the following syntax:
In Exchange Online PowerShell, you can specify multiple IP addresses or ranges separated by commas. |
ManagementRelationship |
Single value of Manager or Direct report (DirectReport) |
Specifies the relationship between the sender and any of the recipients. The rule checks the Manager attribute in Active Directory to see if the sender is the manager of a recipient or is managed by a recipient. |
MessageClassification |
Single message classification | In the EAC, you select from the list of message classifications that you've created. In Exchange Online PowerShell, you use the Get-MessageClassification cmdlet to identify the message classification. For example, use the following command to search for messages with the |
MessageHeaderField |
Single string | Specifies the name of the header field. The name of the header field is always paired with the value in the header field (word or text pattern match). The message header is a collection of required and optional header fields in the message. Examples of header fields are To, From, Received, and Content-Type. Official header fields are defined in RFC 5322. Unofficial header fields start with X- and are known as X-headers. |
MessageType |
Single message type value | Specifies one of the following message types:
Note: When Outlook or Outlook on the web is configured to forward a message, the ForwardingSmtpAddress property is added to the message. |
Patterns |
Array of regular expressions | Specifies one or more regular expressions that are used to identify text patterns in values. For more information, see Regular Expression Syntax. In Exchange Online PowerShell, you specify multiple regular expressions separated by commas, and you enclose each regular expression within quotation marks ("). |
SCLValue |
One of the following values:
|
Specifies the spam confidence level (SCL) that's assigned to a message. A higher SCL value indicates that a message is more likely to be spam. |
Size |
Single size value | Specifies the size of an attachment or the whole message. In the EAC, you can only specify the size in kilobytes (KB). In Exchange Online PowerShell, when you enter a value, qualify the value with one of the following units:
For example, |
SupervisionList |
Single value of Allow or Block | Supervision policies were a feature in Live@edu that allowed you to control who could send mail to and receive mail from users in your organization (for example, the closed campus and anti-bullying policies). In Microsoft 365 and Office 365, you can't configure supervision list entries on mailboxes. |
UserScopeFrom |
Single value of Inside the organization (InOrganization) or Outside the organization (NotInOrganization) |
A sender is considered to be inside the organization if either of the following conditions is true:
A sender is considered to be outside the organization if either of the following conditions is true:
Note: To determine whether mail contacts are considered to be inside or outside the organization, the sender's address is compared with the organization's accepted domains. |
UserScopeTo |
One of the following values:
|
A recipient is considered to be inside the organization if any of the following conditions are true:
A recipient is considered to be outside the organization if either of the following conditions is true:
|
Words |
Array of strings | Specifies one or more words to look for. The words aren't case-sensitive, and can be surrounded by spaces and punctuation marks. Wildcards and partial matches aren't supported. For example, "contoso" matches " Contoso". However, if the text is surrounded by other characters, it isn't considered a match. For example, "contoso" doesn't match the following values:
The asterisk (*) is treated as a literal character, and isn't used as a wildcard character. The "at" sign (@) is also treated as a literal character. Therefore, if it's used when searching Recipient Addresses, it won't match. For example:
In this scenario, the correct way to set up matching patterns is to use either ExceptIfRecipientDomainIs or ExceptIfRecipientAddressMatchesPatterns |
For more information
Mail flow rules (transport rules) in Exchange Online
Mail flow rule actions in Exchange Online