In online exchange organizations or independent exchange online protection (eop) organizations without online exchange mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action about the messages flowing through your organization.
Mail flow rules are similar to the inbox rules that are available in Outlook and Outlook on the web (formerly known as Outlook Web App). the main difference is that mail flow rules act on messages while they are in transit, not after the message is delivered to the mailbox. mail flow rules contain a broader set of conditions, exceptions, and actions, giving you the flexibility to implement many types of messaging policies.
This article explains the components of mail flow rules and how they work.
For steps to create, copy, and manage mail flow rules, see Manage mail flow rules. For each rule, you have the option to apply it, test it, or test it and notify the sender. For more information on test options, see the online exchange test mail flow rules and policy tips (policy tips are not available in standalone eop).
For summary and detailed reports on messages that matched mail flow rules, see Use mail protection reports to view data on malware, spam, and rule detections.
To implement specific messaging policies using mail flow rules, see the mail flow rules procedures on the online exchange.
mail flow rule components
A mail flow rule is made up of conditions, exceptions, actions, and properties:
-
conditions: Identify the messages to which you want to apply the actions. some conditions examine the fields in the message header (for example, the to, from, or cc fields). other conditions examine message properties (for example, the message subject, body, attachments, message size, or message classification). most conditions require that you specify a comparison operator (for example, equals, is not equal, or contains) and a value to match. if there are no conditions or exceptions, the rule is applied to all messages.
for more information about exchange online mail flow rule conditions, see exchange online mail flow rule conditions and exceptions (predicates).
Exceptions: Optionally identify messages to which the actions should not be applied. the same message identifiers that are available in conditions are also available in exceptions. exceptions override conditions and prevent rule actions from being applied to a message, even if the message matches all configured conditions.
actions: Specifies what to do with messages that meet the rule’s conditions and don’t meet any of the exceptions. many actions are available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes to the message subject, or inserting disclaimers in the message body.
For more information about the mail flow rule actions that are available in exchange online, see mail flow rule actions in exchange online.
properties: Specify rule settings other than conditions, exceptions, or actions. for example, when the rule should be applied, whether to enforce or test the rule, and the length of time the rule is active.
for more information, see the mail flow rule properties section in this article.
multiple conditions, exceptions and actions
The following table shows how various conditions, condition values, exceptions, and actions are handled in a rule.
Note that some actions (for example, the action delete the message without notifying anyone) prevent post rules from being applied to a message. other actions (for example, forward the message) do not allow additional actions.
You can also set an action on a rule so that when that rule is applied, subsequent rules are not applied to the message.
mail flow rule properties
The following table describes the rule properties that are available in mail flow rules.
changes the priority of the rule in the eac by moving the rule up or down in the list of rules. in the powershell, set the priority number (0 is the highest priority).
For example, if you have a rule to reject messages that include a credit card number and another that requires approval, you’ll want the reject rule to apply first and stop applying other rules.
For more information, see Set the priority of a mail flow rule.
policy tips present a short note in outlook or outlook on the web that provides information about possible policy violations to the person who is creating the message. For more information, see the policy tips.
For more information on the modes, see the online exchange test mail flow rules.
disable this rule on the next date
The value is displayed in the state property of the rule.
how mail flow rules are applied to messages
all messages (except ndrs) that flow through your organization are evaluated against the mail flow rules enabled in your organization. the rules are processed in the order indicated in the mail flow > rules page on each, or based on the value of the corresponding priority parameter in powershell.
each rule also offers the option to stop processing further rules when the rule is matched. this setting is important for messages that match the conditions of multiple mail flow rules (which rule do you want to apply to the message? all? just one?).
differences in processing depending on the type of message
There are several types of messages that pass through an organization. the following table shows what types of messages can be processed by mail flow rules.
For a rule to inspect or modify the content of an encrypted message, it must verify that transport decryption is enabled (required or optional; default is optional). For more information, see Enable or disable transport decryption.
You can also create a rule that automatically decrypts encrypted messages. for more information, see define rules for encrypting email messages.
Rules with conditions that require inspection of message content or actions that modify message content cannot be processed.
For a rule to inspect or modify the content of an rms-protected message, it must verify that transport decryption is enabled (required or optional; default is optional). for more information, see enable or disable transport decryption.
what else should I know?
- the value of the version or ruleversion property for a rule is not important in the online exchange.
- after creating or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.
- you can create a transport rule to bypass eop and allow mail to flow without delay from internal senders, such as scanners, fax machines, and other trusted sources that send attachments that are known to be safe. do not bypass the filtering of all internal messages; in this situation, a compromised account could send malicious content.
- history and changes to mail flow rules are not persisted, so you cannot revert mail flow rules to previous states .
for more information
manage mail flow rules
mail flow rules procedures in online exchange
journal, transport and inbox rule limits