Transport rule actions

Exchange 2013

Applies to: Exchange Online Protection

Topic Last Modified: 2015-02-23

Transport rule actions let you apply messaging policies to email messages flowing through your organization that match conditions and exceptions defined in Transport rule conditions (predicates). For example, you could define a transport rule action to forward an email message to an approving manager, or add a disclaimer or personalized signature.

Looking for:

Management tasks related to transport rules? See Manage Transport Rules
Exchange Online version of this topic? See Transport rule actions
Exchange 2013 version of this topic? See Transport rule actions

Contents

Transport rule actions and properties

Property values

Transport rule actions and properties

Each action affects email messages in a unique way. For example, an action can cause an email message to be redirected to another address or to be deleted. Each action consists of the action itself, its action property, and the value of the property.

Each transport rule action contains the action, and any information needed for the action. For example, when you use the Redirect the Message to action, you must specify the email address of the person you’re redirecting the message to. Sometimes two pieces of information are needed. For example, when you add a disclaimer, you need the disclaimer text plus information about what to do if the disclaimer can’t be sent.

Here’s a list of the information required for each action in Exchange Online Protection. When you add these actions using the Exchange admin center, you’re prompted for the required information. When you add them using the Shell, you must specify them on the command line. Valid values for each property are described in Property values.

The following table lists the actions that can be used with Transport rules in Exchange Online Protection (EOP).

Action name in Exchange admin center	Action name in Shell	Properties	Description
Redirect the message to	`RedirectMessageTo`	`Addresses`	Redirects the email message to one or more recipients specified. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients. `Addresses` can't include distribution groups.
Deliver the message to the spam quarantine	`Quarantine`	Not applicable	Delivers the message to the quarantine mailbox.
Reject the message and include an explanation	`RejectReason`	`RejectReason`	Deletes the email message and sends a non-delivery report to the sender with the specified text as the rejection reason. The recipient doesn't receive the message or notification.
Reject the message with the enhanced status code of	`RejectMessageEnhancedStatusCode`	`EnhancedStatusCode`	Deletes the email message and sends a non-delivery receipt to the sender with the specified status code. The recipient doesn't receive the message or notification.
Delete the message without notifying anyone	`DeleteMessage`	Not applicable	Deletes the email message without sending a notification to either the recipient or the sender.
Add recipients to the BCC box	`BlindCopyTo`	`Addresses`	Adds one or more recipients as blind carbon copy (Bcc) recipients. The original recipients aren't notified and can't see the Bcc addresses. `Addresses` can't include distribution groups.
Add recipients to the To box	`AddToRecipient`	`Addresses`	Adds one or more recipients to the To field of the message. The original recipients can see the additional address. `Addresses` can't include distribution groups.
Add recipients to the cc box	`CopyTo`	`Addresses`	Adds one or more recipients to the carbon copy (Cc) field of the message. The original recipients can see the Cc address. `Addresses` can't include distribution groups.
Add the sender's manager as a recipient	`AddManagerAsRecipientType`	`AddedRecipientType`	Adds the sender's manager, if defined in the manager attribute in Active Directory, as the specified recipient type.
Apply a disclaimer to the message (append a disclaimer)	`ApplyHtmlDisclaimerText` `ApplyHtmlDisclaimerTextLocation` `ApplyHtmlDisclaimerFallbackAction`	First property: `DisclaimerText` Second property: `FallbackAction`	Applies an HTML disclaimer to the message.
Apply a disclaimer to the message (prepend a disclaimer)	`ApplyHtmlDisclaimerText` `ApplyHtmlDisclaimerTextLocation` `ApplyHtmlDisclaimerFallbackAction`	First property: `DisclaimerText` Second property: `FallbackAction`	Applies an HTML disclaimer to the message.
Remove a message header	`RemoveHeader`	`MessageHeader`	Removes the specified message header from a message.
Set a message header	`SetHeaderName` `SetHeaderValue`	First property: `MessageHeader` Second property: `HeaderValue`	Creates a new message header or modifies an existing message header and sets the value of that message header to the specified value.
Set the spam confidence level	`SetScl`	`SclValue`	Sets the spam confidence level (SCL) on an email message. For more information about how to use this setting, see Create a transport rule to identify mail as spam or not spam by setting the spam confidence level (SCL).
Prepend the subject of the message with	`PrependSubject`	`Prefix`	Prepends the Subject of the message with the specified text.
Require TLS encryption	`RouteMessageOutboundRequireTls`	Not applicable	Forces the outbound messages to be routed over TLS encrypted connections.
Apply Office 365 Message Encryption	`ApplyOME`	Not applicable	Encrypt the message and attachments. To use this action, your organization must have Azure Rights Management (RMS) set up for Office 365 Message Encryption.
Remove Office 365 Message Encryption	`RemoveOME`	Not applicable	Decrypt the message and attachments so that users don’t have to sign in to the encryption portal in order to view them. This action can only be done for messages that are sent within your organization. To use this action, your organization must have Azure Rights Management (RMS) set up for Office 365 Message Encryption.
Generate incident report and send it to	`GenerateIncidentReport`	First property: `Addresses` Second property: `IncidentReportContent`	Generates an incident report and sends it to the specified recipients. `Addresses` can't include distribution groups.
Notify the recipient with a message	`GenerateNotification`	`GenerateNotification`	Sends a notification to the recipient with the specified text -- for example, you can inform the recipient that the message was rejected by a transport rule, or it was marked as spam and will be delivered to their Junk Email folder.
Stop processing more rules	`StopRuleProcessing`	Not applicable	Specifies whether the processing of subsequent rules should be stopped for this message.

Property values

Each property that you use to define a transport rule action requires a value. Here’s a list of values for each action property in Exchange Online Protection.

Property Valid values Description

AddedRecipientType

One of the following values:

To
Cc
Bcc
Redirect

AddedRecipientType accepts a single value:

To, Cc, and Bcc values are self-explanatory and correspond to the addressing fields of email messages.
Redirect delivers the message only to the specified recipient. The message isn't delivered to any of the original recipients.

Addresses

Either a single or an array of valid recipients.

Addresses accepts an array of mailbox, mail-enabled contact, mail-enabled user, or distribution group objects.

Some actions don't apply to distribution groups.

DisclaimerText

HTML string

DisclaimerText can be any text you want to insert to the message as a disclaimer. HTML tags and cascade style sheet (CSS) tags.

EnhancedStatusCode

Single DSN code of 5.7.1, or any value from 5.7.10 through 5.7.999

EnhancedStatusCode specifies the DSN code and related DSN message to display to the senders of messages rejected by a Transport rule action. The DSN message associated with the specified DSN status code is displayed in the user information portion of the NDR displayed to the sender. The specified DSN code must be an existing default DSN code or a customized DSN status code that you can create by using the New-SystemMessage cmdlet.

FallbackAction

One of the following values:

Wrap
Ignore
Reject

FallbackAction specifies what the Transport rule should do if a disclaimer can't be applied to a message. There can be cases where the contents of a message can't be altered, for example if a message is encrypted. The default fallback action is Wrap. The following list describes each fallback action:

Wrap If the disclaimer can't be inserted into the original message, Exchange encloses, or wraps, the original message in a new message envelope. Then the disclaimer is inserted into the new message.

Important:
If an original message is wrapped in a new message envelope, subsequent Transport rules are applied to the new message envelope, and not to the original message. Therefore, you must configure Transport rules with disclaimer actions that wrap original messages in a new message body with a lower priority than other Transport rules.

Note:
If the original message can't be wrapped in a new message envelope, the original message isn't delivered. The sender of the message receives an NDR that explains why the message wasn't delivered.

Ignore If the disclaimer can't be inserted into the original message, Exchange lets the original message continue unmodified. No disclaimer is added.
Reject If the disclaimer can't be inserted into the original message, Exchange doesn't deliver the message. The sender of the message receives an NDR that explains why the message wasn't delivered.

GenerateNotification

HTML string

RejectMessageReasonText accepts any text supported by DisclaimerText, including HTML, inline cascade style sheet (CSS), and variables that can be used to insert properties (“From”, “To”, “CC”, “Subject”, “Headers”, “MessageDate”) into the message. These variables must be enclosed in two percent signs (%%) on each side. For more information on supported formatting, see Organization-wide disclaimers, signatures, footers, or headers.

HeaderValue

Single string

HeaderValue accepts a single string that's applied to the header specified header.

IncidentReportContent

One of the following values:

Sender
Recipients
Subject
CC
BCC
Severity
Override
RuleDetections
FalsePositive
DataClassifications
IdMatch
AttachOriginalMail

IncidentReportContent specifies the list of properties of the original message to be included in the incident report. You can choose to include any combination of these properties. In addition to the properties you specify, the message ID is always included in the incident report. The following list describes these properties:

Sender, Subject, and AttachOriginalMail Self-explanatory values. The first two correspond to the message properties with the same name. The third property specifies that the entire message that triggered the rule is attached to the incident report.
Recipients, CC, and BCC Designate the recipients the message was sent to, and correspond to the To, Cc, and Bcc boxes respectively. For each of these properties, only the first 10 recipients are included in the incident report. If the message was addressed to more than 10 recipients, the report will also include the count of additional recipients. For example, if the message included 22 people in the To: box, the incident report will list the first 10 of these recipients and specify that there were 12 additional recipients.
Severity Specifies the audit severity of the rule that was triggered. Reports about rule matches include all the audit severity levels, and can be filtered by audit severity. If you clear the Audit this rule with severity level checkbox, rule matches will not show up in the rule reports. If a message is processed by more than one rule, the highest severity is included in any incident reports.
Override Specifies the override if the sender has chosen to override a Policy Tip. If the sender has provided a justification, the first 100 characters of the justification are also included.
RuleDetections Specifies the list of rules that the message triggered.
FalsePositive Specifies the false positive if the sender marked the message as a false positive for a Policy Tip.
DataClassifications Specifies the list of sensitive information types detected in the message.
IdMatch Specifies the sensitive information type detected, the exact matched content from the message, and the 150 characters before and after the matched sensitive information.

MessageHeader

Single string

MessageHeader accepts a string that can be used to specify the SMTP message header to modify.

Prefix

Single string

Prefix accepts a string that's prepended to the subject of the email message.

Tip:

To prevent the string that's specified with the Prefix Transport rule action from being added to the subject every time that a reply to the message encounters the Transport rule, add the SubjectContains exception to the Transport rule.
The SubjectContains exception should contain the string that you specified with the Prefix Transport rule action. If you add the SubjectContains exception to the Transport rule, the Transport rule doesn't add another instance of the Prefix string to the subject if the Prefix string already appears in the subject.

RejectReason

Single string

RejectReason accepts a string that's used to populate the administrator information portion of the NDR returned to the email sender if an email message is rejected.

SclValue

Single integer

SclValue accepts a single integer from -1 through 9, which is used to configure the SCL of the email message. For more information about how to use this setting, see Create a transport rule to identify mail as spam or not spam by setting the spam confidence level (SCL).

For more information

Transport rules

Transport rule conditions (predicates)

Manage Transport Rules

Office 365 Message Encryption

Was this page helpful?

Yes

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Thank you for your feedback