0

We work with a giant company that prepends an email tag to every externally originating (to them) email that goes something like:

"Warning, this email originated outside your organization - don't click any links unless you recognize the sender"

I don't want to implement tagging exactly like this because 90% of all our mail flow is between us and this company. I'm worried the tagging would just become noise that gets ignored. (not to mention clutters email chains)

What I would like to set up instead would be tagging that only applies when an external account emails our organization for the first time For example, the tag would look like:

"Warning - you've never received an email from jon.doe@gmail.com before - Use caution if you were not expecting this email"

which I believe would be much more effective.

Does anyone know how to do this? Our environment:

On prem Exhchange 2013 / Proofpoint Spam Filtering

Thomas Bailey
  • 13
  • 4

3 Answers3

1

@Ivan_Wang - I got it working into a self-maintaining sender list using your suggestions. Here are the steps I took:

  1. Schedule an Exchange Shell script to export a CSV List from delivered emails
  2. Schedule another script to read the CSV and log the addresses from step #1 into a database (so I can keep track of what has been added). This script then compares with my database to identify only NEW senders. It takes the NEW senders and puts them into a CSV file, formatted for import.
  3. Schedule and Exchange Shell script to import the CSV file created in #2 using the New-Mailcontact command.
  4. A fourth script to hide these new mail contacts from address books.(to modify attribute msExchHideFromAddressLists

And then an Exchange rule that checks to see if the sender is NOT member of the group that I'm populating. The limitation of this method is that it treats senders as "new" until the scripts run again. I am running them daily and so in the rule disclaimer, I said something like "this is a new sender... etc... This message will stop appearing for this sender after 1 day."

I spent all day this... I don't think the catch was worth the chase. But it is working.

Thomas Bailey
  • 13
  • 4
0

This is not supported with Exchange 2013 or Proofpoint. The issue is you would need one of those servers to keep track of every email address that ever sent email to every internal email account so that it would know if a given sender had sent an email to a specific internal account for the first time. That isn’t realistic and I don’t know of any product or service that can do that.

user5870571
  • 3,094
  • 2
  • 12
  • 35
0

Hope my thinking below is helpful to you:

Because no exceptions in transport rule can avoid adding disclaimers to a same external sender, I think you can use message tracking log to search external emails which are sent to your organization, and add these emails' senders to mail contact list, the following commands which can realize this function are for your reference:

$senders = Get-MessageTrackingLog -EventId DELIVER | where{$_.Sender -notlike "*@yourdomain.com*"}
foreach($sender in $senders){
New-MailContact -Name $sender.Sender -ExternalEmailAddress $sender.Sender
Start-Sleep -Seconds 5
Add-DistributionGroupMember -Identity <Specific group> -Member $sender.Sender
}

After that, you can add these external contacts to a specific group, then add an exception to your existing rule which is used to add a custom disclaimer: If the sender is a member of

enter image description here

Ivan_Wang
  • 1,333
  • 1
  • 4
  • 4