Forum Discussion

jjthomas's avatar
jjthomas
Copper Contributor
May 12, 2020

Using a 3rd Party Email Gateway to Insert X-MS-Exchange-Organization Headers

I wanted to post to confirm a suspicion I have, as I cannot find any solid source of this information elsewhere.  

 

Does Exchange Online "strip" or "firewall" the message header of some X-MS-Exchange-Organization if they are present in an inbound message received from an external sender?  I am using a mail gateway to add two custom headers (X-MS-Exchange-Organization-SkipSafeLinksProcessing and X-MS-Exchange-Organization-SkipSafeAttachmentProcessing) to bypass the application ATP protections to emails originating from our phishing education tool.  

 

I can see the headers being added to the message at the mail gateway, but they are not present on the received message in Exchange Online.  This leads me to believe that Exchange Online is stripping these headers out.  

 

Confirmation of this behavior is appreciated!  Thanks!

 

  • I suppose, otherwise every spammer out there can just add them to their messages. Use a transport rule instead.

  • I suppose, otherwise every spammer out there can just add them to their messages. Use a transport rule instead.

    • jjthomas's avatar
      jjthomas
      Copper Contributor

      VasilMichev 

      I was able to create two ETRs to add the headers I need, however, interestingly enough, I cannot see the headers in the actual delivered message.  This is in spite of the message trace showing the Transport rule firing to set the header.  

       

      I will likely remove the SCL setting from these rules, as it is not required.  

      • They shouldn't be stripped post rule application, but in any case the important thing is that the messages are delivered successfully and bypass ATP checks.

    • jjthomas's avatar
      jjthomas
      Copper Contributor

      VasilMichev 

      The behavior makes perfect sense. 

       

      I was trying to avoid employing a transport rule and move the processing upstream.  I am going to test it via a transport rule instead, now that I remembered how to have a rule fire on a specific header value.  

Resources