Overview
We know that some of our customers leverage Exchange transport rules to prepend subject line or insert the message body to show the email is from external senders. This approach has a few ...
Updated Oct 06, 2023
Version 16.0
Blog Post
I have performed some tests of this "External" call out feature. I have sent test messages to myself, using an external unauthorized SMTP-relay server, spoofing the From address as a coworker's SMTP-address. Even though the messages are clearly inbound, neither Outlook nor OWA applies the "External" call out to the messages. When I look at the headers of these incoming messages, the SPF, DKIM, and DMARC tests fail, as expected. The X-MS-Exchange-Organization-MessageDirectionality value is Incoming. The X-MS-Exchange-OrganizatonAuthAs value is Anonymous. Yet Outlook and OWA still do not apply the "External" call out to the messages.
This is obviously a crucial scenario for the "External" call out to be applied....perhaps more crucial than any other scenario.
Has anyone else tested this feature?