Export (0) Print
Expand All

Transport rules

Exchange Online
 

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2014-04-22

Using transport rules, you can look for specific conditions in messages that pass through your organization and take action on them. Transport rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage.

Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:

  • Preventing inappropriate content from entering or leaving the organization

  • Filtering confidential organization information

  • Tracking or archiving copying messages that are sent to or received from specific individuals

  • Redirecting inbound and outbound messages for inspection before delivery

  • Applying disclaimers to messages as they pass through the organization

Looking for management tasks related to managing transport rules? See Manage Transport Rules.

For each rule, you have the option of enforcing it, testing it and notifying the sender, or just testing the rule. You can notify the sender that they might be violating one of the rules—even before they send an offending message. You can accomplish this by configuring Policy Tips and setting the mode of the rule. Policy Tips are similar to MailTips, and can be configured to present a brief note in the Microsoft Outlook 2013 client that provides information about possible policy violations to a person creating a message. For more information, see Policy Tips. When you view your list of transport rules, you may find a rule that includes the description version 14. This means that the rule is based on an Exchange Server 2010 transport rule format. You can configure any option for these types of rules.

Contents

Overview of Transport rules

Transport rule components

Transport rule modes

How Transport rules are applied

Transport rules are similar to the Inbox rules that are available in many email clients. The main difference between transport rules and rules you would set up in a client application such as Outlook is that transport rules take action on messages while they’re in transit as opposed to after the message is delivered. Transport rules also contain a richer set of conditions, exceptions, and actions, which provides you with the flexibility to create a customized rule. You can create up to 100 transport rules in order to implement your business-rule compliance.

The following list summarizes the basic workflow for transport rules:

  1. You create and test transport rules to meet your business needs.

  2. As messages go through your organization, the Transport rules agent is invoked. The Transport rules agent is a special component that checks messages against the transport rules you create.

  3. The Transport rules agent scans the message, and if the message fits the conditions you specify in a transport rule, it takes the specified action on that message.

The following sections provide information about the components of transport rules, and how the transport rules are applied.

Transport rules consist of the following components:

  • Conditions   Conditions specify the characteristics of messages to which you want to apply a transport rule action. Some conditions examine message fields or headers, such as the To, From, or Cc fields. Other conditions examine message characteristics such as message subject, body, attachments, message size, and message classification. Most conditions require that you specify a comparison operator, such as equals, doesn't equal, or contains, and a value to match. If there are no conditions or exceptions, the rule is applied to all messages.

  • Exceptions   Exceptions are based on the same characteristics used to build conditions. However, unlike conditions, exceptions identify messages to which transport rule actions shouldn't be applied. Exceptions override conditions and prevent actions from being applied to an email message, even if the message matches all configured conditions.

  • Actions   Actions are applied to messages that match all the conditions and don't match any of the exceptions. There are many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.

For a complete list of transport rule conditions, see Transport Rule Conditions (Predicates). The list of predicates is also available in the Transport rule dialog in the EAC. If you use the Shell, you can retrieve the list of conditions by using the Get-TransportRulePredicate cmdlet.

For a complete list of transport rule actions available, see Transport rule actions. The list of actions is also available in the Transport rule dialog box in the EAC. If you use the Shell, you can retrieve the list of actions by using the Get-TransportRuleAction cmdlet.

There are three modes for each transport rule that define how the rule will be implemented:

  • Enforce: All actions on the rule will be enforced.

  • Test with Policy Tips: Any Policy Tip actions will be sent, but other enforcement actions will not be acted on

  • Test without Policy Tips: Actions will be listed in a log file, but senders will not be notified in any way, and enforcement actions will not be acted on

In order to make sure rules work as you intend, we recommend testing rules before setting them to Enforce.

All messages in your organization are evaluated against the Transport rules for your organization.

There are several types of messages that pass through an organization. The following table shows which messages types can be processed by transport rules.

 

Type of message Can a rule be applied?

Regular messages

Messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies.

Yes

Encrypted messages (Office 365 Message Encryption)

Messages that are encrypted using Office 365 Message Encryption.

Rules can always access envelope headers contained in encrypted messages and process messages based on conditions that inspect headers.

For a rule to inspect or modify Office 365 message encrypted content, your organization must:

  • Use Exchange Server or Exchange Online.

  • Have transport decryption set to Mandatory or Optional. Transport decryption is set to Optional by default.

  • Have the encryption key.

You can also create a rule that automatically decrypts encrypted messages.

Encrypted messages (S/MIME)

Messages that are encrypted using S/MIME.

Rules can access only envelope headers contained in S/MIME encrypted messages and process messages based on conditions that inspect headers. Rules with conditions that require inspection of message content, or actions that modify content, can't be processed.

Protected messages

Messages that are protected by applying an Active Directory Rights Management Services (AD RMS) rights policy template.

Rules can always access envelope headers contained in protected messages and process messages based on conditions that inspect headers.

For a rule to inspect or modify protected message content, your organization must:

  • Use Exchange Server or Exchange Online.

  • Have transport decryption set to Mandatory or Optional. Transport decryption is set to Optional by default.

  • Have the encryption key.

Clear-signed messages

Messages that have been signed but not encrypted.

Yes

Unified messaging email messages

Messages that are created or processed by the Unified Messaging service, such as voice mail, fax, missed call notifications, and messages created or forwarded by using Microsoft Outlook Voice Access.

Yes

Anonymous

Yes

Messages sent by anonymous senders.

Yes

Read reports

Reports that are generated in response to read receipt requests by senders. Read reports have a message class of IPM.Note*.MdnRead or IPM.Note*.MdnNotRead.

Yes

For each rule, you have the option of enforcing it, testing it and notifying the sender, or just testing the rule. You can notify the sender that they might be violating one of the rules—even before they send an offending message. You can accomplish this by configuring Policy Tips and setting the mode of the rule. Policy Tips are similar to MailTips, and can be configured to present a brief note in the Microsoft Outlook 2013 client that provides information about possible policy violations to a person creating a message. For more information, see Policy Tips.

The Transport rules agent evaluates the following elements when processing rules for a message:

  • Message scope   The first check performed by rules agents is whether a message falls within the scope of the agent. Transport rules aren't applied to all types of messages.

  • Priority   For messages that fall within the scope of the rules agent, the agent starts processing rules based on rule priority in ascending order. The rule with a priority of 0 is processed first, followed by the rule with a priority of 1 and so on. Transport rule priority values range from 0 to n-1, where n is the total number of transport rules. Only enabled rules are processed. You can change the rule priority.

  • Rules with no conditions or exceptions   If a rule has no conditions and no exceptions, it’s applied to all messages.

  • Conditions   The conditions describe the type of message for which the rule is intended, and the rules agent applies the rules to the messages that match the criteria specified in the rule conditions.

  • Rules with multiple conditions   It may be necessary to use more than one condition to specify a rule. For a rule's action to be applied to a message, it must match all the conditions selected in the rule. For example, if a rule uses the conditions The sender is a member of this group and The subject includes any of these words, the message must match both conditions. It must be sent by a member of the specified distribution group, and the message subject must contain the specified word.

  • Conditions with multiple values   Some conditions allow you to specify more than one value. If one condition allows you to enter multiple values, the message must match any value specified for that condition. For example, if an email message has the subject Stock price information, and the The subject includes any of these words condition on a transport rule is configured to match the words Contoso and stock, the condition is satisfied because the subject contains at least one of the condition values.

  • Exceptions   A rule isn't applied to messages that match any of the exceptions defined in the rule. This is exactly opposite of how the rules agent treats conditions. For example, if the exceptions Except if the sender is this person and Except if the subject or body includes any of these words are selected, the message fails to match the rule condition if the message is sent from any of the specified senders, or if the message contains any of the specified words.

  • Actions   Messages that match the rules conditions get all actions specified in the rule applied to them. For example, if the actions Prepend the subject of the message with and Add recipients to the Bcc box are selected, both actions are applied to the message. The message will get the specified string prefixed to the message subject, and the recipients specified will be added as Bcc recipients.

    Keep in mind that some actions, such as the Delete the message without notifying anyone action, prevent subsequent rules from being applied to a message. You can also configure a rule so that when that rule is applied, the rules agent stops processing any subsequent rules.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft