Forum Discussion

khamilton's avatar
khamilton
Copper Contributor
Nov 22, 2019

Mail Flow Rule Question

I'm NOT an Exchange expert but...

Basically we have customers who are asking us to do DLP in Exchange such that information relevant to their company isn't sent to any of our other customers.

 

As such I've been asked by management to find a way to do the following:

 

1. Outbound Mail contains specific words in the body/subject. -> Next Condition

2. All recipients are with company "A" or our own company.  -> Send Message

3. Any recipient doesn't match above -> Reject Message.

 

Repeat rule for Company B thru ...

 

Anyone have any suggestions on how to go about this?

It wouldn't be hard if I had a way to negate a condition but that doesn't exist. 

 

  • Hello therekhamilton 
    Im a 23 year old Microsoft certified Expert that focuses on Office365, Exchange and Azure. 

    I think that Ive managed to create a rule that matches your criterias. 
    Please read my instructions below and let me know what you think. Maybe I've missunderstood you. 

     

    1: In ECP (  Exchange Control Panel ) click "Mail Flow" 

     

    2: After that, click on "Create a new rule" 

     

    3: Now we get to the creation. Start by giving the rule a name and then click "More options" To get all the advanced Featues

     

    4: Now, start by adding the first condition as my image below 

    "The Subject or body"-->"Subject or body includes any of these words" 

     

    Here you can then specifiy the words you want to look for by typing them and click the "+" sign. 

    You can mark a word and click the pen to edit it into a phrase

     

    5: After this, we add the second condition as my image below 

    "The Sender"-->"Domain Is" 

     

    In this rule above you type the domain of your client ( Client A ) 

     

    6: Now time for the action... we reject the email like my image below 

    "block the message" -->"Delete the message without notifying anyone" 

    ( You can choose another action that fits your needs better ) 

     

    7: Finally, we add an Exception, this will make that, as long as the recipients of the email are related to the "Client A" domain or your companys domain, The message will be delivered like normal. See images below 

     

     

     

    Now, your mail flow rule should look like this 

     

    This rule will look for emails sent my companyA users, that have specific words in them. And block them from sending if the recipients are not within the CompanyA domain, or in your companys domain. 

     

    Kind Regards
    Oliwer Sjöberg

    • khamilton's avatar
      khamilton
      Copper Contributor

      oliwer_sundgren 

      Not quite, we need this for OUTBOUND mail.  So our employee sends email which includes proprietary info of Company A, but they include someone from Company B on the message, message gets dropped. 

      The biggest issue is there isn't a way to negate a condition.  If there were then this becomes simple. 

       

      Employee Sends message.

      Includes specific info in text

      Sent to anyone NOT in Company A -> Drop it.

       

      • oliwer_sundgren's avatar
        oliwer_sundgren
        Steel Contributor

        Hello! khamilton 
        I may be confused here but I do belive that's what my previous rule is about 

         

        >If Message contains these words/phrases "NDA, Secrect etc" 

        >If Sender Domain is "ClientA" 

        >Delete the message 

        >EXCEPT IF Recipient domain is "ClientA" or "YourDomain" 

        Am I missunderstanding you? The above rule will delete the message if it contains "NDA" and is sent to "Client B" 

        Kind Regards
        Oliwer Sjöberg

Resources