Transport rule conditions and exceptions (predicates) in Exchange 2013
Article
01/26/2023
Applies to: Exchange Server 2013
Conditions and exceptions in transport rules identify the messages that the rule is applied to or not applied to. For example, if the rule adds a disclaimer to messages, you can configure the rule to only apply to messages that contain specific words, messages sent by specific users, or to all messages except those sent by the members of a specific group. Collectively, the conditions and exceptions in transport rules are also known as predicates, because for every condition, there's a corresponding exception that uses the exact same settings and syntax. The only difference is conditions specify messages to include, while exceptions specify messages to exclude.
Most conditions and exceptions have one property that requires one or more values. For example, the The sender is condition requires the sender of the message. Some conditions have two properties. For example, the A message header includes any of these words condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions don't have any properties. For example, the Any attachment has executable content condition simply looks for attachments in messages that have executable content.
Conditions and exceptions for transport rules on Mailbox servers
The tables in the following sections describe the conditions and exceptions that are available in transport rules on Mailbox servers. The properties types are described in the Property types section.
After you select a condition or exception in the Exchange admin center (EAC), the value that's ultimately shown in the Apply this rule if or Except if field is often different (shorter) than the click path value you selected. Also, when you create new rules based on a template (a filtered list of scenarios), you can often select a short condition name instead of following the complete click path. The short names and full click path values are shown in the EAC column in the tables.
If you select [Apply to all messages] in the EAC, you can't specify any other conditions. The equivalent in the Exchange Management Shell is to create a rule without specifying any condition parameters.
The settings and properties are the same in conditions and exceptions, so the output of the Get-TransportRulePredicate cmdlet doesn't list exceptions separately. Also, the names of some of the predicates that are returned by this cmdlet are different than the corresponding parameter names, and a predicate might require multiple parameters.
Senders
For conditions and exceptions that examine the sender's address, you can specify where rule looks for the sender's address.
In the EAC, in the Properties of this rule section, click Match sender address in message. Note that you might need to click More options to see this setting. In the Exchange Management Shell, the parameter is SenderAddressLocation. The available values are:
Header: Only examine senders in the message headers (for example, the From, Sender, or Reply-To fields). This is the default value, and is the way transport rules worked before Exchange 2013 Cumulative Update 1 (CU1).
Envelope: Only examine senders from the message envelope (the MAIL FROM value that was used in the SMTP transmission, which is typically stored in the Return-Path field). Note that message envelope searching is only available for the following conditions (and the corresponding exceptions):
The sender is (From)
The sender is a member of (FromMemberOf)
The sender address includes (FromAddressContainsWords)
The sender address matches (FromAddressMatchesPatterns)
The sender's domain is (SenderDomainIs)
Header or envelope (HeaderOrEnvelope) Examine senders in the message header and the message envelope.
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The sender is
The sender > is this person
From
ExceptIfFrom
Addresses
Messages that are sent by the specified mailboxes, mail users, or mail contacts in the Exchange organization.
Exchange 2007 or later
The sender is located
The sender > is external/internal
FromScope
ExceptIfFromScope
UserScopeFrom
Messages that are sent by either internal senders or external senders.
Exchange 2007 or later
The sender is a member of
The sender > is a member of this group
FromMemberOf
ExceptIfFromMemberOf
Addresses
Messages that are sent by a member of the specified group.
Exchange 2007 or later
The sender address includes
The sender > address includes any of these words
FromAddressContainsWords
ExceptIfFromAddressContainsWords
Words
Messages that contain the specified words in the sender's email address.
Exchange 2007 or later
The sender address matches
The sender > address matches any of these text patterns
FromAddressMatchesPatterns
ExceptIfFromAddressMatchesPatterns
Patterns
Messages where the sender's email address contains text patterns that match the specified regular expressions.
Exchange 2007 or later
The sender's specified properties include any of these words
The sender > has specific properties including any of these words
SenderADAttributeContainsWords
ExceptIfSenderADAttributeContainsWords
First property: ADAttribute
Second property: Words
Messages where the specified Active Directory attribute of the sender contains any of the specified words.
Note that the Country attribute requires the two-letter country code value (for example, DE for Germany).
Exchange 2010 or later
The sender's specified properties match these text patterns
The sender > has specific properties matching these text patterns
SenderADAttributeMatchesPatterns
ExceptIfSenderADAttributeMatchesPatterns
First property: ADAttribute
Second property: Patterns
Messages where the specified Active Directory attribute of the sender contains text patterns that match the specified regular expressions.
Exchange 2010 or later
The sender has overridden the Policy Tip
The sender > has overridden the Policy Tip
HasSenderOverride
ExceptIfHasSenderOverride
n/a
Messages where the sender has chosen to override a data loss prevention (DLP) policy. For more information about DLP policies, see Data loss prevention.
Exchange 2013 or later
Sender's IP address is in the range
The sender > IP address is in any of these ranges or exactly matches
SenderIPRanges
ExceptIfSenderIPRanges
IPAddressRanges
Messages where the sender's IP address matches the specified IP address, or falls within the specified IP address range.
Exchange 2013 or later
The sender's domain is
The sender > domain is
SenderDomainIs
ExceptIfSenderDomainIs
DomainName
Messages where the domain of the sender's email address matches the specified value.
If you need to find sender domains that contain the specified domain (for example, any subdomain of a domain), use The sender address matches (FromAddressMatchesPatterns) condition and specify the domain by using the syntax: '\.domain\.com$'.
Exchange 2013 or later
Recipients
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The recipient is
The recipient > is this person
SentTo
ExceptIfSentTo
Addresses
Messages where one of the recipients is the specified mailbox, mail user, or mail contact in the Exchange organization. The recipients can be in the To, Cc, or Bcc fields of the message.
Note: You can't specify distribution groups or mail-enabled security groups. If you need to take action on messages that are sent to a group, use the To box contains (AnyOfToHeader) condition instead.
Exchange 2007 or later
The recipient is located
The recipient > is external/external
SentToScope
ExceptIfSentToScope
UserScopeTo
Messages that are sent to internal recipients, external recipients, external recipients in partner organizations, or external recipients in non-partner organizations.
Exchange 2007 or later
The recipient is a member of
The recipient > is a member of this group
SentToMemberOf
ExceptIfSentToMemberOf
Addresses
Messages that contain recipients who are members of the specified group. The group can be in the To, Cc, or Bcc fields of the message.
Exchange 2007 or later
The recipient address includes
The recipient > address includes any of these words
RecipientAddressContainsWords
ExceptIfRecipientAddressContainsWords
Words
Messages that contain the specified words in the recipient's email address.
Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.
Exchange 2010 or later
The recipient address matches
The recipient > address matches any of these text patterns
RecipientAddressMatchesPatterns
ExceptIfRecipientAddressMatchesPatterns
Patterns
Messages where a recipient's email address contains text patterns that match the specified regular expressions.
Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.
Exchange 2010 or later
The recipient's specified properties include any of these words
The recipient > has specific properties including any of these words
RecipientADAttributeContainsWords
ExceptIfRecipientADAttributeContainsWords
First property: ADAttribute
Second property: Words
Messages where the specified Active Directory attribute of a recipient contains any of the specified words.
Note that the Country attribute requires the two-letter country code value (for example, DE for Germany).
Exchange 2010 or later
The recipient's specified properties match these text patterns
The recipient > has specific properties matching these text patterns
RecipientADAttributeMatchesPatterns
ExceptIfRecipientADAttributeMatchesPatterns
First property: ADAttribute
Second property: Patterns
Messages where the specified Active Directory attribute of a recipient contains text patterns that match the specified regular expressions.
Exchange 2010 or later
A recipient's domain is
The recipient > domain is
RecipientDomainIs
ExceptIfRecipientDomainIs
DomainName
Messages where the domain of a recipient's email address matches the specified value.
If you need to find recipient domains that contain the specified domain (for example, any subdomain of a domain), use The recipient address matches (RecipientAddressMatchesPatterns) condition, and specify the domain by using the syntax '\.domain\.com$'.
Exchange 2013 or later
Message subject or body
Note
The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The subject or body includes
The subject or body > subject or body includes any of these words
SubjectOrBodyContainsWords
ExceptIfSubjectOrBodyContainsWords
Words
Messages that have the specified words in the Subject field or message body.
Exchange 2007 or later
The subject or body matches
The subject or body > subject or body matches these text patterns
SubjectOrBodyMatchesPatterns
ExceptIfSubjectOrBodyMatchesPatterns
Patterns
Messages where the Subject field or message body contain text patterns that match the specified regular expressions.
Exchange 2007 or later
The subject includes
The subject or body > subject includes any of these words
SubjectContainsWords
ExceptIfSubjectContainsWords
Words
Messages that have the specified words in the Subject field.
Exchange 2007 or later
The subject matches
The subject or body > subject matches these text patterns
SubjectMatchesPatterns
ExceptIfSubjectMatchesPatterns
Patterns
Messages where the Subject field contains text patterns that match the specified regular expressions.
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
Any attachment's content includes
Any attachment > content includes any of these words
AttachmentContainsWords
ExceptIfAttachmentContainsWords
Words
Messages where an attachment contains the specified words.
Exchange 2010 or later
Any attachments content matches
Any attachment > content matches these text patterns
AttachmentMatchesPatterns
ExceptIfAttachmentMatchesPatterns
Patterns
Messages where an attachment contains text patterns that match the specified regular expressions.
Note: Only the first 150 kilobytes (KB) of the attachments are scanned.
Exchange 2010 or later
Any attachment's content can't be inspected
Any attachment > content can't be inspected
AttachmentIsUnsupported
ExceptIfAttachmentIsUnsupported
n/a
Messages where an attachment isn't natively recognized by Exchange, and the required IFilter isn't installed on the Mailbox server. For more information, see Register Filter Pack IFilters with Exchange 2013.
Exchange 2010 or later
Any attachment's file name matches
Any attachment > file name matches these text patterns
AttachmentNameMatchesPatterns
ExceptIfAttachmentNameMatchesPatterns
Patterns
Messages where an attachment's file name contains text patterns that match the specified regular expressions.
Exchange 2010 or later
Any attachment's file extension matches
Any attachment > file extension includes these words
AttachmentExtensionMatchesWords
ExceptIfAttachmentExtensionMatchesWords
Words
Messages where an attachment's file extension matches any of the specified words.
Exchange 2013 or later
Any attachment is greater than or equal to
Any attachment > size is greater than or equal to
AttachmentSizeOver
ExceptIfAttachmentSizeOver
Size
Messages where any attachment is greater than or equal to the specified value.
In the EAC, you can only specify the size in kilobytes (KB).
Exchange 2007 or later
The message didn't complete scanning
Any attachment > didn't complete scanning
AttachmentProcessingLimitExceeded
ExceptIfAttachmentProcessingLimitExceeded
n/a
Messages where the rules engine couldn't complete the scanning of the attachments. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.
Exchange 2013 or later
Any attachment has executable content
Any attachment > has executable content
AttachmentHasExecutableContent
ExceptIfAttachmentHasExecutableContent
n/a
Messages where an attachment is an executable file. The system inspects the file's properties rather than relying on the file's extension.
Exchange 2013 or later
Any attachment is password protected
Any attachment > is password protected
AttachmentIsPasswordProtected
ExceptIfAttachmentIsPasswordProtected
n/a
Messages where an attachment is password protected (and therefore can't be scanned). Password detection only works for Office documents, .zip files, and .7z files.
Exchange 2013 or later
Any recipients
The conditions and exceptions in this section provide a unique capability that affects all recipients when the message contains at least one of the specified recipients. For example, let's say you have a rule that rejects messages. If you use a recipient condition from the Recipients section, the message is only rejected for those specified recipients. For example, if the rule finds the specified recipient in a message, but the message contains five other recipients. The message is rejected for that one recipient, and is delivered to the five other recipients.
If you add a recipient condition from this section, that same message is rejected for the detected recipient and the five other recipients.
Conversely, a recipient exception from this section prevents the rule action from being applied to all recipients of the message, not just for the detected recipients.
Note
This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
Any recipient address includes
Any recipient > address includes any of these words
AnyOfRecipientAddressContainsWords
ExceptIfAnyOfRecipientAddressContainsWords
Words
Messages that contain the specified words in the To, Cc, or Bcc fields of the message.
Exchange 2013 or later
Any recipient address matches
Any recipient > address matches any of these text patterns
AnyOfRecipientAddressMatchesPatterns
ExceptIfAnyOfRecipientAddressMatchesPatterns
Patterns
Messages where the To, Cc, or Bcc fields contain text patterns that match the specified regular expressions.
Exchange 2013 or later
Message sensitive information types, To and Cc values, size, and character sets
The conditions in this section that look for values in the To and Cc fields behave like the conditions in the Any recipients section (all recipients of the message are affected by the rule, not just the detected recipients).
Note
This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The message contains sensitive information
The message > contains any of these types of sensitive information
MessageContainsDataClassifications
ExceptIfMessageContainsDataClassifications
SensitiveInformationTypes
Messages that contain sensitive information as defined by data loss prevention (DLP) policies.
This condition is required for rules that use the Notify the sender with a Policy Tip (NotifySender) action.
Exchange 2013 or later
The To box contains
The message > To box contains this person
AnyOfToHeader
ExceptIfAnyOfToHeader
Addresses
Messages where the To field includes any of the specified recipients.
Exchange 2007 or later
The To box contains a member of
The message > To box contains a member of this group
AnyOfToHeaderMemberOf
ExceptIfAnyOfToHeaderMemberOf
Addresses
Messages where the To field contains a recipient who is a member of the specified group.
Exchange 2007 or later
The Cc box contains
The message > Cc box contains this person
AnyOfCcHeader
ExceptIfAnyOfCcHeader
Addresses
Messages where the Cc field includes any of the specified recipients.
Exchange 2007 or later
The Cc box contains a member of
The message > contains a member of this group
AnyOfCcHeaderMemberOf
ExceptIfAnyOfCcHeaderMemberOf
Addresses
Messages where the Cc field contains a recipient who is a member of the specified group.
Exchange 2007 or later
The To or Cc box contains
The message > To or Cc box contains this person
AnyOfToCcHeader
ExceptIfAnyOfToCcHeader
Addresses
Messages where the To or Cc fields contain any of the specified recipients.
Exchange 2007 or later
The To or Cc box contains a member of
The message > To or Cc box contains a member of this group
AnyOfToCcHeaderMemberOf
ExceptIfAnyOfToCcHeaderMemberOf
Addresses
Messages where the To or Cc fields contain a recipient who is a member of the specified group.
Exchange 2007 or later
The message size is greater than or equal to
The message > size is greater than or equal to
MessageSizeOver
ExceptIfMessageSizeOver
Size
Messages where the total size (message plus attachments) is greater than or equal to the specified value.
In the EAC, you can only specify the size in kilobytes (KB).
Note: Message size limits on mailboxes are evaluated before transport rules. A message that's too large for a mailbox will be rejected before a rule with this condition is able to act on the message.
Exchange 2013 or later
The message character set name includes any of these words
The message > character set name includes any of these words
ContentCharacterSetContainsWords
ExceptIfContentCharacterSetContainsWords
CharacterSets
Messages that have any of the specified character set names.
Exchange 2013 or later
Sender and recipient
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The sender is one of the recipient's
The sender and the recipient > the sender's relationship to a recipient is
SenderManagementRelationship
ExceptIfSenderManagementRelationship
ManagementRelationship
Messages where the either sender is the manager of a recipient, or the sender is managed by a recipient.
Exchange 2010 or later
The message is between members of these groups
The sender and the recipient > the message is between members of these groups
BetweenMemberOf1 and BetweenMemberOf2
ExceptIfBetweenMemberOf1 and ExceptIfBetweenMemberOf2
Addresses
Messages that are sent between members of the specified groups.
Exchange 2007 or later
The manager of the sender or recipient is
The sender and the recipient > the manager of the sender or recipient is this person
ManagerForEvaluatedUser and ManagerAddress
ExceptIfManagerForEvaluatedUser and ExceptIfManagerAddress
First property: EvaluatedUser
Second property: Addresses
Messages where either a specified user is the manager of the sender, or a specified user is the manager of a recipient.
Exchange 2010 or later
The sender's and any recipient's property compares as
The sender and the recipient > the sender and recipient property compares as
ADAttributeComparisonAttribute and ADComparisonOperator
ExceptIfADAttributeComparisonAttribute and ExceptIfADComparisonOperator
First property: ADAttribute
Second property: Evaluation
Messages where the specified Active Directory attribute for the sender and recipient either match or don't match.
Exchange 2010 or later
Message properties
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
The message type is
The message properties > include the message type
MessageTypeMatches
ExceptIfMessageTypeMatches
MessageType
Messages of the specified type.
Note: When Outlook or Outlook Web App is configured to forward a message, the ForwardingSmtpAddress property is added to the message. The message type isn't changed to AutoForward.
Exchange 2010 or later
The message is classified as
The message properties > include this classification
HasClassification
ExceptIfHasClassification
MessageClassification
Messages that have the specified message classification. This is a custom message classification that you can create in your organization by using the New-MessageClassification cmdlet.
Exchange 2007 or later
The message isn't marked with any classifications
The message properties > don't include any classification
HasNoClassification
ExceptIfHasNoClassification
n/a
Messages that don't have a message classification.
Exchange 2010 or later
The message has an SCL greater than or equal to
The message properties > include an SCL greater than or equal to
SCLOver
ExceptIfSCLOver
SCLValue
Messages that are assigned a spam confidence level (SCL) that's greater than or equal to the specified value.
Exchange 2007 or later
The message importance is set to
The message properties > include the importance level
WithImportance
ExceptIfWithImportance
Importance
Messages that are marked with the specified Importance level.
Exchange 2007 or later
Message headers
Note
The search for words or text patterns in the subject or other header fields in the message occurs after the message has been decoded from the MIME content transfer encoding method that was used to transmit the binary message between SMTP servers in ASCII text. You can't use conditions or exceptions to search for the raw (typically, Base64) encoded values of the subject or other header fields in messages.
Condition or exception in the EAC
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
A message header includes
A message header > includes any of these words
HeaderContainsMessageHeader and HeaderContainsWords
ExceptIfHeaderContainsMessageHeader and ExceptIfHeaderContainsWords
First property: MessageHeaderField
Second property: Words
Messages that contain the specified header field, and the value of that header field contains the specified words.
The name of the header field and the value of the header field are always used together.
Exchange 2007 or later
A message header matches
A message header > matches these text patterns
HeaderMatchesMessageHeader and HeaderMatchesPatterns
ExceptIfHeaderMatchesMessageHeader and ExceptIfHeaderMatchesPatterns
First property: MessageHeaderField
Second property: Patterns
Messages that contain the specified header field, and the value of that header field contains the specified regular expressions.
The name of the header field and the value of the header field are always used together.
Exchange 2007 or later
Conditions and exceptions for transport rules on Edge Transport servers
The conditions and exceptions that are available in transport rules on Edge Transport servers are a small subset of what's available on Mailbox servers. There's no EAC on Edge Transport servers, so you can only manage transport rules in the Exchange Management Shell on the local Edge Transport server. The conditions and exceptions are described in the following table. The properties types are described in the Property types section.
Condition and exception parameters in the Exchange Management Shell
Property type
Description
Available in
AnyOfRecipientAddressContainsWords
ExceptIfAnyOfRecipientAddressContainsWords
Words
Messages that contain the specified words in the To, Cc, or Bcc fields.
When a message contains the specified recipient, the rule action is applied (or not applied) to all recipients of the message. For example, the message is rejected for all recipients of the message, not just for the specified recipient.
Exchange 2013 or later
AnyOfRecipientAddressMatchesPatterns
ExceptIfAnyOfRecipientAddressMatchesPatterns
Patterns
Messages where the To, Cc, or Bcc fields contain text patterns that match the specified regular expressions.
When a message contains the specified recipient, the rule action is applied (or not applied) to all recipients of the message. For example, the message is rejected for all recipients of the message, not just for the specified recipient.
Exchange 2013 or later
AttachmentSizeOver
ExceptIfAttachmentSizeOver
Size
Messages with attachments where any attachment is greater than or equal to the specified value.
Exchange 2007 or later
FromAddressContainsWords
ExceptIfFromAddressContainsWords
Words
Messages that contain the specified words in the sender's email address.
Exchange 2007 or later
FromAddressMatchesPatterns
ExceptIfFromAddressMatchesPatterns
Patterns
Messages where the sender's email address contains text patterns that match the specified regular expressions.
Exchange 2007 or later
FromScope
ExceptIfFromScope
UserScopeFrom
Messages that are sent by either internal senders or external senders.
Exchange 2007 or later
HeaderContainsMessageHeader and HeaderContainsWords
ExceptIfHeaderContainsMessageHeader and ExceptIfHeaderContainsWords
First property: MessageHeaderField
Second property: Words
Messages that contain the specified header field, and the value of that header field contains the specified words.
The name of the header field and the value of the header field are always used together.
Exchange 2007 or later
HeaderMatchesMessageHeader and HeaderMatchesPatterns
ExceptIfHeaderMatchesMessageHeader and ExceptIfHeaderMatchesPatterns
First property: MessageHeaderField
Second property: Patterns
Messages that contain the specified header field, and the value of that header field contains the specified regular expressions.
The name of the header field and the value of the header field are always used together.
Exchange 2007 or later
MessageSizeOver
ExceptIfMessageSizeOver
Size
Messages where the total size (message plus attachments) is greater than or equal to the specified value.
Exchange 2013 or later
SCLOver
ExceptIfSCLOver
SCLValue
Messages that are assigned an SCL that's greater than or equal to the specified value.
Exchange 2007 or later
SubjectContainsWords
ExceptIfSubjectContainsWords
Words
Messages that contain the specified words in the Subject field.
Exchange 2007 or later
SubjectMatchesPatterns
ExceptIfSubjectMatchesPatterns
Patterns
Messages where the Subject field contains text patterns that match the specified regular expressions.
Exchange 2007 or later
SubjectOrBodyContainsWords
ExceptIfSubjectOrBodyContainsWords
Words
Messages that contain the specified words in the Subject field or message body.
Exchange 2007 or later
SubjectOrBodyMatchesPatterns
ExceptIfSubjectOrBodyMatchesPatterns
Patterns
Messages where the Subject field or message body contain text patterns that match the specified regular expressions.
Exchange 2007 or later
Property types
The property types that are used in conditions and exceptions are described in the following table.
Note
If the property is a string, trailing spaces are not allowed.
Property type
Valid values
Description
ADAttribute
Select from a predefined list of Active Directory attributes
You can check against any of the following Active Directory attributes:
City
Company
Country
CustomAttribute1 - CustomAttribute15
Department
DisplayName
Email
FaxNumber
FirstName
HomePhoneNumber
Initials
LastName
Manager
MobileNumber
Notes
Office
OtherFaxNumber
OtherHomePhoneNumber
OtherPhoneNumber
PagerNumber
PhoneNumber
POBox
State
Street
Title
UserLogonName
ZipCode
In the EAC, to specify multiple words or text patterns for the same attribute, separate the values with commas. For example, the value San Francisco,Palo Alto for the City attribute looks for "City equals San Francisco" or City equals Palo Alto".
In the Exchange Management Shell, use the syntax "AttributeName1:Value1,Value 2 with spaces,Value3...","AttributeName2:Word4,Value 5 with spaces,Value6...", where Value is the word or text pattern that you want to match.
For example, "City:San Francisco,Palo Alto" or "City:San Francisco,Palo Alto","Department:Sales,Finance".
When you specify multiple attributes, or multiple values for the same attribute, the or operator is used. Don't use values with leading or trailing spaces.
Note that the Country attribute requires the ISO 3166-1 two-letter country code value (for example, DE for Germany). For more information, see Country Codes - ISO 316.
Addresses
Exchange recipients
Depending on the nature of the condition or exception, you might be able to specify any mail-enabled object in the organization (for example, recipient-related conditions), or you might be limited to a specific object type (for example, groups for group membership conditions). And, the condition or exception might require one value, or allow multiple values.
In the Exchange Management Shell, separate multiple values by commas.
Note: This condition doesn't consider messages that are sent to recipient proxy addresses. It only matches messages that are sent to the recipient's primary email address.
CharacterSets
Array of character set names
One or more content character sets that exist in a message. For example:
Arabic/iso-8859-6
Chinese/big5
Chinese/euc-cn
Chinese/euc-tw
Chinese/gb2312
Chinese/iso-2022-cn
Cyrillic/iso-8859-5
Cyrillic/koi8-r
Cyrillic/windows-1251
Greek/iso-8859-7
Hebrew/iso-8859-8
Japanese/euc-jp
Japanese/iso-022-jp
Japanese/shift-jis
Korean/euc-kr
Korean/johab
Korean/ks_c_5601-1987
Turkish/windows-1254
Turkish/iso-8859-9
Vietnamese/tcvn
DomainName
Array of SMTP domains
For example, contoso.com or eu.contoso.com.
In the Exchange Management Shell, you can specify multiple domains separated by commas.
EvaluatedUser
Single value of Sender or Recipient
Specifies whether the rule is looking for the manager of the sender or the manager of the recipient.
Evaluation
Single value of Equal or Not equal (NotEqual)
When comparing the Active Directory attribute of the sender and recipients, this specifies whether the values should match, or not match.
Importance
Single value of Low, Normal, or High
The Importance level that was assigned to the message by the sender in Outlook or Outlook Web App.
IPAddressRanges
Array of IP addresses or address ranges
You enter the IPv4 addresses using the following syntax:
Single IP address: For example, 192.168.1.1.
IP address range: For example, 192.168.0.1-192.168.0.254.
Classless InterDomain Routing (CIDR) IP address range: For example, 192.168.0.1/25.
In the Exchange Management Shell, you can specify multiple IP addresses or ranges separated by commas.
ManagementRelationship
Single value of Manager or Direct report(DirectReport)
Specifies the relationship between the sender and any of the recipients. The rule checks the Manager attribute in Active Directory to see if the sender is the manager of a recipient, or if the sender is managed by a recipient.
MessageClassification
Single message classification
In the EAC, you select from the list of message classifications that you've created.
In the Exchange Management Shell, you use the Get-MessageClassification cmdlet to identify the message classification. For example, use the following command to search for messages with the Company Internal classification and prepend the message subject with the value CompanyInternal.
Specifies the name of the header field. The name of the header field is always paired with the value in the header field (word or text pattern match).
The message header is a collection of required and optional header fields in the message. Examples of header fields are To, From, Received, and Content-Type. Official header fields are defined in RFC 5322. Unofficial header fields start with X- and are known as X-headers.
MessageType
Single message type value
Specifies one of the following message types:
Automatic reply (OOF)
Auto-forward (AutoForward)
Encrypted
Calendaring
Permission controlled (PermissionControlled)
Voicemail
Signed
Approval request (ApprovalRequest)
Read receipt (ReadReceipt)
Note: When Outlook or Outlook Web App is configured to forward a message, the ForwardingSmtpAddress property is added to the message. The message type isn't changed to AutoForward.
Patterns
Array of regular expressions
Specifies one or more regular expressions that are used to identify text patterns in values. For more information, see Regular Expression Syntax.
In the Exchange Management Shell, you specify multiple regular expressions separated by commas, and you enclose each regular expression in quotation marks (").
SCLValue
One of the following values:
Bypass spam filtering (-1)
Integers 0 through 9
Specifies the spam confidence level (SCL) that's assigned to a message. A higher SCL value indicates that a message is more likely to be spam.
In the Exchange Management Shell, use the syntax @{<SensitiveInformationType1>},@{<SensitiveInformationType2\>},.... For example, to look for content that contains at least two credit card numbers, and at least one ABA routing number, use the value @{Name="Credit Card Number"; minCount="2"},@{Name="ABA Routing Number"; minCount="1"}.
Size
Single size value
Specifies the size of an attachment or the whole message.
In the EAC, you can only specify the size in kilobytes (KB).
In the Exchange Management Shell, when you enter a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
For example, 20MB
Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.
UserScopeFrom
Single value of Inside the organization (InOrganization) or Outside the organization (NotInOrganization)
A sender is considered to be inside the organization if either of the following conditions is true:
The sender is a mailbox, mail user, group, or mail-enabled public folder that exists in the organization's Active Directory.
The sender's email address is in an accepted domain that's configured as an authoritative domain or an internal relay domain, and the message was sent or received over an authenticated connection. For more information about accepted domains, see Accepted domains.
A sender is considered to be outside the organization if either of the following conditions is true:
The sender's email address isn't in an accepted domain.
The sender's email address is in an accepted domain that's configured as an external relay domain.
Note: To determine whether mail contacts are considered to be inside or outside the organization, the sender's address is compared with the organization's accepted domains.
UserScopeTo
One of the following values:
Inside the organization (InOrganization)
Outside the organization (NotInOrganization)
In an external partner organization (ExternalPartner)
In an external non-partner organization (ExternalNonPartner)
A recipient is considered to be inside the organization if either of the following conditions is true:
The recipient is a mailbox, mail user, group, or mail-enabled public folder that exists in the organization's Active Directory.
The recipient's email address is in an accepted domain that's configured as an authoritative domain or an internal relay domain, and the message was sent or received over an authenticated connection.
A recipient is considered to be outside the organization if either of the following conditions is true:
The recipient's email address isn't in an accepted domain.
The recipient's email address is in an accepted domain that's configured as an external relay domain.
External partner organizations are external domains where you've configured Domain Security (mutual TLS authentication) to send mail.
External non-partner organizations are all other external domains that aren't considered partner domains.
Words
Array of strings
Specifies one or more words to look for. The words aren't case-sensitive, and can be surrounded by spaces and punctuation marks. Wildcards and partial matches aren't supported.
For example, "contoso" matches " Contoso.". However, if the text is surrounded by other characters, it isn't considered a match. For example, "contoso" doesn't match the following values:
Acontoso
Contosoa
Acontosob
The asterisk (*) is treated as a literal character, and isn't used as a wildcard character.
Summary: Learn about the conditions and exceptions that define when mail flow rules (transport rules) are applied to messages in Exchange Server 2016 and Exchange Server 2019.
This module examines how to manage Safe Attachments in your Microsoft 365 tenant by creating and configuring policies and using transport rules to disable a policy from taking effect in certain scenarios. MS-102