Overview
We know that some of our customers leverage Exchange transport rules to prepend subject line or insert the message body to show the email is from external senders. This approach has a few ...
Updated Oct 06, 2023
Version 16.0
Blog Post
Has The Exchange Team designed something here which could be adopted across the industry as a common standard?
We know there are issues with the transport rule method (side note: an important limitation not mentioned in this article is that a targeted phishes can easily obfuscate the prepend html see: https://whynotsecurity.com/blog/external-email-warning-bypass/). This external tag is a remediation against all these limitations.
I'd be keen to use this IsExternalSender flag instead of prepend html, however it's currently only useful for Outlook users. If a user adds their O365 mailbox to another mail client, they wouldn't get any warning if we turned off external transport rule.
That makes me somewhat apprehensive about turning off the transport rule. I appreciate "perfect can be the enemy of good", and that 95%+ of our users would benefit from using the External Tag instead of the transport rule.
Can The_Exchange_Team take the use of this MAPI property as a way to encourage adoption by the wider mail community (mail service providers and mail client developers), so that a common way of handling external tags across the industry is developed over time?