Mail flow rule actions in Exchange 2016

 

Applies to: Exchange Server 2016

Topic Last Modified: 2016-10-20

Learn about the actions that are available for mail flow rules (transport rules) in Exchange 2016.

Actions in mail flow rules (also known as transport rules) specify what you want to do to messages that match conditions of the rule. For example, you can create a rule that forwards message from specific senders to a moderator, or adds a disclaimer or personalized signature to all outbound messages.

Actions typically require additional properties. For example, when the rule redirects a message, you need to specify where to redirect the message. Some actions have multiple properties that are available or required. For example, when the rule adds a header field to the message header, you need to specify both the name and value of the header. When the rule adds a disclaimer to messages, you need to specify the disclaimer text, but you can also specify where to insert the text, or what to do if the disclaimer can't be added to the message. Typically, you can configure multiple actions in a rule, but some actions are exclusive. For example, one rule can't reject and redirect the same message.

For more information about mail flow rules in Exchange Server 2016, see Mail flow rules in Exchange 2016.

For more information about conditions and exceptions in mail flow rules, see Mail flow rule conditions and exceptions (predicates) in Exchange 2016.

For more information about actions in mail flow rules in Exchange Online Protection or Exchange Online, see Mail flow rule actions or Transport rule actions.

The actions that are available in mail flow rules on Mailbox servers are described in the following table. Valid values for each property are described in Property values section.

Notes:

  • After you select an action in the Exchange admin center (EAC), the value that's ultimately shown in the Do the following field is often different from the click path you selected. Also, when you create new rules, you can sometimes (depending on the selections you make) select a short action name from a template (a filtered list of actions) instead of following the complete click path. The short names and full click path values are shown in the EAC column in the table.

  • The names of some of the actions that are returned by the Get-TransportRuleAction cmdlet are different than the corresponding parameter names, and multiple parameters might be required for an action.

 

Action in the EAC Action parameter in the Exchange Management Shell Property Description Available in

Forward the message for approval to these people

Forward the message for approval > to these people

ModerateMessageByUser

Addresses

Forwards the message to the specified moderators as an attachment wrapped in an approval request. For more information, see Common message approval scenarios. You can't use a distribution group as a moderator.

Exchange 2010 or later

Forward the message for approval to the sender's manager

Forward the message for approval > to the sender's manager

ModerateMessageByManager

n/a

Forwards the message to the sender's manager for approval.

This action only works if the sender's Manager attribute is defined in Active Directory. Otherwise, the message is delivered to the recipients without moderation.

Exchange 2010 or later

Redirect the message to these recipients

Redirect the message to > these recipients

RedirectMessageTo

Addresses

Redirects the message to the specified recipients. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients.

Exchange 2010 or later

Reject the message with the explanation

Block the message > reject the message and include an explanation

RejectMessageReasonText

String

Returns the message to the sender in a non-delivery report (also known as an NDR or bounce message) with the specified text as the rejection reason. The recipient doesn't receive the original message or notification.

The default enhanced status code that's used is 5.7.1.

When you create or modify the rule in the Exchange Management Shell, you can specify the DSN code by using the RejectMessageEnhancedStatusCode parameter.

Exchange 2010 or later

Reject the message with the enhanced status code

Block the message > reject the message with the enhanced status code of

RejectMessageEnhancedStatusCode

DSNEnhancedStatusCode

Returns the message to the sender in an NDR with the specified enhanced delivery status notification (DSN) code. The recipient doesn't receive the original message or notification.

Valid DSN codes are 5.7.1 or 5.7.900 through 5.7.999.

The default reason text that's used is Delivery not authorized, message refused.

When you create or modify the rule in the Exchange Management Shell, you can specify the rejection reason text by using the RejectMessageReasonText parameter.

Exchange 2010 or later

Delete the message without notifying anyone

Block the message > delete the message without notifying anyone

DeleteMessage

n/a

Silently drops the message without sending a notification to the recipient or the sender.

Exchange 2010 or later

Add recipients to the Bcc box

Add recipients > to the Bcc box

BlindCopyTo

Addresses

Adds one or more recipients to the Bcc field of the message. The original recipients aren't notified, and they can't see the additional addresses.

Exchange 2010 or later

Add recipients to the To box

Add recipients > to the To box

AddToRecipients

Addresses

Adds one or more recipients to the To field of the message. The original recipients can see the additional addresses.

Exchange 2010 or later

Add recipients to the Cc box

Add recipients > to the Cc box

CopyTo

Addresses

Adds one or more recipients to the Cc field of the message. The original recipients can see the additional address.

Exchange 2010 or later

Add the sender's manager as a recipient

Add recipients > add the sender's manager as a recipient

AddManagerAsRecipientType

AddedManagerAction

Adds the sender's manager to the message as the specified recipient type (To, Cc, Bcc), or redirects the message to the sender's manager without notifying the sender or the recipient.

This action only works if the sender's Manager attribute is defined in Active Directory.

Exchange 2010 or later

Append the disclaimer

Apply a disclaimer to the message > append a disclaimer

ApplyHtmlDisclaimerText

ApplyHtmlDisclaimerFallbackAction

ApplyHtmlDisclaimerTextLocation

First property: DisclaimerText

Second property: DisclaimerFallbackAction

Third property (Exchange Management Shell only): DisclaimerTextLocation

Applies the specified HTML disclaimer to the end of the message.

When you create or modify the rule in the Exchange Management Shell, use the ApplyHtmlDisclaimerTextLocation parameter with the value Append.

Exchange 2010 or later

Prepend the disclaimer

Apply a disclaimer to the message > prepend a disclaimer

ApplyHtmlDisclaimerText

ApplyHtmlDisclaimerFallbackAction

ApplyHtmlDisclaimerTextLocation

First property: DisclaimerText

Second property: DisclaimerFallbackAction

Third property (Exchange Management Shell only): DisclaimerTextLocation

Applies the specified HTML disclaimer to the beginning of the message.

When you create or modify the rule in the Exchange Management Shell, use the ApplyHtmlDisclaimerTextLocation parameter with the value Prepend.

Exchange 2010 or later

Remove this header

Modify the message properties > remove a message header

RemoveHeader

MessageHeaderField

Removes the specified header field from the message header.

Exchange 2010 or later

Set the message header to this value

Modify the message properties > set a message header

SetHeaderName

SetHeaderValue

First property: MessageHeaderField

Second property: String

Adds or modifies the specified header field in the message header, and sets the header field to the specified value.

Exchange 2010 or later

Apply a message classification

Modify the message properties > apply a message classification

ApplyClassification

MessageClassification

Applies the specified message classification to the message.

Exchange 2010 or later

Set the spam confidence level (SCL) to

Modify the message properties > set the spam confidence level (SCL)

SetSCL

SCLValue

Sets the spam confidence level (SCL) of the message to the specified value.

Exchange 2010 or later

Apply rights protection to the message with

Modify the message security > apply rights protection

ApplyRightsProtectionTemplate

RMSTemplate

Applies the specified Rights Management Services (RMS) template to the message.

RMS requires Exchange Enterprise client access licenses (CALs) for each mailbox. For more information about CALs, see Exchange Server Licensing.

Exchange 2010 or later

Require TLS encryption

Modify the message security > require TLS encryption

RouteMessageOutboundRequireTls

n/a

Forces the outbound messages to be routed over a TLS encrypted connection.

Exchange 2013 or later

Prepend the subject of the message with

PrependSubject

String

Adds the specified text to the beginning of the Subject field of the message. Consider using a space or a colon (:) as the last character of the specified text to differentiate it from the original subject text.

To prevent the same string from being added to messages that already contain the text in the subject (for example, replies), add the The subject includes (ExceptIfSubjectContainsWords) exception to the rule.

Exchange 2010 or later

Notify the sender with a Policy Tip

NotifySender

RejectMessageReasonText

RejectMessageEnhancedStatusCode (Exchange Management Shell only)

First property: NotifySenderType

Second property: String

Third property (Exchange Management Shell only): DSNEnhancedStatusCode

Notifies the sender or blocks the message when the message matches a DLP policy.

When you use this action, you need to use the The message contains sensitive information (MessageContainsDataClassification condition.

When you create or modify the rule in the Exchange Management Shell, the RejectMessageReasonText parameter is optional. If you don't use this parameter, the default text Delivery not authorized, message refused is used.

In the Exchange Management Shell, you can also use the RejectMessageEnhancedStatusCode parameter to specify the enhanced status code. If you don't use this parameter, the default enhanced status code 5.7.1 is used.

This action limits the other conditions, exceptions, and actions that you can configure in the rule.

Exchange 2013 or later

Generate incident report and send it to

GenerateIncidentReport

IncidentReportContent

First property: Addresses

Second property: IncidentReportContent

Sends an incident report that contains the specified content to the specified recipients.

An incident report is generated for messages that match data loss prevention (DLP) policies in your organization.

Exchange 2013 or later

Notify the recipient with a message

GenerateNotification

NotificationMessageText

Specifies the text, HTML tags, and message keywords to include in the notification message that's sent to the message's recipients. For example, you can notify recipients that the message was rejected by the rule, or marked as spam and delivered to their Junk Email folder.

Exchange 2013 or later

Properties of this rule section > Audit this rule with severity level

SetAuditSeverity

AuditSeverityLevel

Specifies whether to:

  • Prevent the generation of an incident report and the corresponding entry in the message tracking log.

  • Generate an incident report and the corresponding entry in the message tracking log with the specified severity level (low, medium, or high).

Exchange 2013 or later

Properties of this rule section > Stop processing more rules

More options > Properties of this rule section > Stop processing more rules

StopRuleProcessing

n/a

Specifies that after the message is affected by the rule, the message is exempt from processing by other rules.

Exchange 2013 or later

Return to top

A small subset of actions that are available on Mailbox servers are also available on Edge Transport servers, but there are also some actions that are only available on Edge Transport servers. There's no EAC on Edge Transport servers, so you can only manage mail flow rules in the Exchange Management Shell on the local Edge Transport server. The actions are described in the following table. The properties types are described in the Property values section.

 

Action parameter in the Exchange Management ShellPropertyDescriptionAvailable onAvailable in

AddToRecipients

Addresses

Adds one or more recipients to the To field of the message. The original recipients can see the additional addresses.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

BlindCopyTo

Addresses

Adds one or more recipients to the Bcc field of the message. The original recipients aren't notified, and they can't see the additional addresses.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

CopyTo

Addresses

Adds one or more recipients to the Cc field of the message. The original recipients can see the additional address.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

DeleteMessage

n/a

Silently drops the message without sending a notification to the recipient or the sender.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

Disconnect

n/a

Ends the SMTP connection between the sending server and the Edge Transport server without generating an NDR.

Edge Transport servers only

Exchange 2010 or later

LogEventText

String

Generates an event with the specified text in the Application log of the local Edge Transport server. The entry contains the following information:

  • Level   Information

  • Source   MSExchange Messaging Policies

  • Event ID   4000

  • Task Category   Rules

  • EventData   The following message is logged by an action in the rules: <text you specify>.

Edge Transport servers only

Exchange 2010 or later

PrependSubject

String

Adds the specified text to the beginning of the Subject field of the message. Consider using a space or a colon (:) as the last character of the specified text to differentiate it from the original subject.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

Quarantine

n/a

Delivers the message to the quarantine mailbox that's defined in the content filtering configuration on the Edge Transport server. For more information, see Configure a spam quarantine mailbox.

If the quarantine mailbox isn't configured, the message is returned to the sender in an NDR.

Edge Transport servers only

Exchange 2010 or later

RedirectMessageTo

Addresses

Redirects the message to the specified recipients. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

RemoveHeader

MessageHeaderField

Removes the specified header field from the message header.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

SetHeaderName

SetHeaderValue

First property: MessageHeaderField

Second property: String

Adds or modifies the specified header field in the message header, and sets the header field to the specified value.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

SetSCL

SCLValue

Sets the SCL of the message to the specified value.

Mailbox servers and Edge Transport servers

Exchange 2010 or later

SmtpRejectMessageRejectText

SmtpRejectMessageRejectStatusCode

First property: String

Second property: SMTPStatusCode

Ends the SMTP connection between the sending server and the Edge Transport server with the specified SMTP status code and the specified rejection text. The recipient doesn't receive the original message or notification.

Valid values for the SMTP status code are integers from 400 through 500 as defined in RFC 3463.

If you specify the rejection text without specifying the SMTP status code, the default code 550 is used.

If you specify the SMTP status code without specifying the rejection text, the text that's used is Delivery not authorized, message refused.

Edge Transport servers only

Exchange 2010 or later

StopRuleProcessing

n/a

Specifies that after the message is affected by the rule, the message is exempt from processing by other rules.

Mailbox servers and Edge Transport servers

Exchange 2013 or later

The property values that are used for actions in mail flow rules are described in the following table.

 

Property Valid values Description

AddedManagerAction

One of the following values:

  • To

  • Cc

  • Bcc

  • Redirect

Specifies how to include the sender's manager in messages.

  • If you select To, Cc, or Bcc, the sender's manager is added as a recipient in the specified field.

  • If you select Redirect, the message is only delivered to the sender's manager without notifying the sender or the recipient.

This action only works if the sender's Manager attribute is defined in Active Directory.

Addresses

Exchange recipients

Depending on the action, you might be able to specify any mail-enabled object in the organization, or you might be limited to a specific object type. Typically, you can select multiple recipients, but you can only send an incident report to one recipient.

AuditSeverityLevel

One of the following values:

  • Uncheck Audit this rule with severity level, or select Audit this rule with severity level with the value Not specified (DoNotAudit)

  • Low

  • Medium

  • High

The values Low, Medium, or High specify the severity level that's assigned to the incident report and to the corresponding entry in the message tracking log.

The other value prevents an incident report from being generated, and prevents the corresponding entry from being written to the message tracking log.

DisclaimerFallbackAction

One of the following values:

  • Wrap

  • Ignore

  • Reject

Specifies what to do if the disclaimer can't be applied to a message. There are situations where the contents of a message can't be altered (for example, the message is encrypted). The available fallback actions are:

  • Wrap   The original message is wrapped in a new message envelope, and the disclaimer text is inserted into the new message. This is the default value.

    Notes:

    • Subsequent mail flow rules are applied to the new message envelope, not to the original message. Therefore, configure these rules with a lower priority than other rules.

    • If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The message is returned to the sender in an NDR.

  • Ignore   The rule is ignored and the message is delivered without the disclaimer

  • Reject   The message is returned to the sender in an NDR.

DisclaimerText

HTML string

Specifies the disclaimer text, which can include HTML tags, inline cascading style sheet (CSS) tags, and images by using the IMG tag. The maximum length is 5000 characters, including tags.

DisclaimerTextLocation

Single value: Append or Prepend

In the Exchange Management Shell, you use the ApplyHtmlDisclaimerTextLocation to specify the location of the disclaimer text in the message:

  • Append   Add the disclaimer to the end of the message body. This is the default value.

  • Prepend   Add the disclaimer to the beginning of the message body.

DSNEnhancedStatusCode

Single DSN code value:

  • 5.7.1

  • 5.7.900 through 5.7.999

Specifies the DSN code that's used. You can create custom DSNs by using the New-SystemMessage cmdlet.

If you don't specify the rejection reason text along with the DSN code, the default reason text that's used is Delivery not authorized, message refused.

When you create or modify the rule in the Exchange Management Shell, you can specify the rejection reason text by using the RejectMessageReasonText parameter.

IncidentReportContent

One or more of the following values:

  • Sender

  • Recipients

  • Subject

  • Cc'd recipients (Cc)

  • Bcc'd recipients (Bcc)

  • Severity

  • Sender override information (Override)

  • Matching rules (RuleDetections)

  • False positive reports (FalsePositive)

  • Detected data classifications (DataClassifications)

  • Matching content (IdMatch)

  • Original mail (AttachOriginalMail)

Specifies the original message properties to include in the incident report. You can choose to include any combination of these properties. In addition to the properties you specify, the message ID is always included. The available properties are:

  • Sender   The sender of the original message.

  • Recipients, Cc'd recipients , and Bcc'd recipients   All recipients of the message, or only the recipients in the Cc or Bcc fields. For each property, only the first 10 recipients are included in the incident report.

  • Subject   The Subject field of the original message.

  • Severity   The audit severity of the rule that was triggered. Message tracking logs include all the audit severity levels, and can be filtered by audit severity. In the EAC, if you clear the Audit this rule with severity level check box (in the Exchange Management Shell, the SetAuditSeverity parameter value DoNotAudit), rule matches won't appear in the rule reports. If a message is processed by more than one rule, the highest severity is included in any incident reports.

  • Sender override information   The override if the sender chose to override a Policy Tip. If the sender provided a justification, the first 100 characters of the justification are also included.

  • Matching rules   The list of rules that the message triggered.

  • False positive reports   The false positive if the sender marked the message as a false positive for a Policy Tip.

  • Detected data classifications   The list of sensitive information types detected in the message.

  • Matching content   The sensitive information type detected, the exact matched content from the message, and the 150 characters before and after the matched sensitive information.

  • Original mail   The entire message that triggered the rule is attached to the incident report.

In the Exchange Management Shell, you specify multiple values separated by commas.

MessageClassification

Single message classification object

In the EAC, you select from the list of available message classifications.

In the Exchange Management Shell, use the Get-MessageClassification cmdlet to see the message classification objects that are available.

MessageHeaderField

Single string

Specifies the SMTP message header field to add, remove, or modify.

The message header is a collection of required and optional header fields in the message. Examples of header fields are To, From, Received, and Content-Type. Official header fields are defined in RFC 5322. Unofficial header fields start with X- and are known as X-headers.

NotificationMessageText

Any combination of plain text, HTML tags, and keywords

Specified the text to use in a recipient notification message.

In addition to plain text and HTML tags, you can specify the following keywords that use values from the original message:

  • %%From%%

  • %%To%%

  • %%Cc%%

  • %%Subject%%

  • %%Headers%%

  • %%MessageDate%%

NotifySenderType

One of the following values:

  • Notify the sender, but allow them to send (NotifyOnly)

  • Block the message (RejectMessage)

  • Block the message unless it's a false positive (RejectUnlessFalsePositiveOverride)

  • Block the message, but allow the sender to override and send (RejectUnlessSilentOverride)

  • Block the message, but allow the sender to override with a business justification and send (RejectUnlessExplicitOverride)

Specifies the type of Policy Tip that the sender receives if the message violates a DLP policy. The settings are described in the following list:

  • Notify the sender, but allow them to send The sender is notified, but the message is delivered normally.

  • Block the message The message is rejected, and the sender is notified.

  • Block the message unless it's a false positive The message is rejected unless it's marked as a false positive by the sender.

  • Block the message, but allow the sender to override and send The message is rejected unless the sender has chosen to override the policy restriction.

  • Block the message, but allow the sender to override with a business justification and send This is similar to Block the message, but allow the sender to override and send type, but the sender also provides a justification for overriding the policy restriction.

When you use this action, you need to use the The message contains sensitive information (MessageContainsDataClassification) condition.

RMSTemplate

Single RMS template object

Specifies the Rights Management Services (RMS) template that's applied to the message.

In the EAC, you select the RMS template from a list.

In the Exchange Management Shell, use the Get-RMSTemplate cmdlet to see the RMS templates that are available.

RMS requires Exchange Enterprise client access licenses (CALs) for each mailbox. For more information about CALs, see Exchange Server Licensing.

SCLValue

One of the following values:

  • Bypass spam filtering (-1)

  • Integers 0 through 9

Specifies the spam confidence level (SCL) that's assigned to the message. A higher SCL value indicates that a message is more likely to be spam.

String

Single string

Specifies the text that's applied to the specified message header field, NDR, or event log entry.

In the Exchange Management Shell, if the value contains spaces, enclose the value in quotation marks (").

Return to top

 
Show: