- 9 minutes to read
Effective from December 2022, the classic Exchange Admin Center will be deprecated forworldwide customers. Microsoft recommends using the new Exchange Admin Center, if notalready doing so.
While most of the features have been migrated to new EAC, some have been migrated toother admin centers and remaining ones will soon be migrated to New EAC. Find featuresthat are not yet there in new EAC at Other Features or use Global Search that will help younavigate across new EAC.
In Exchange Online organizations or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your organization.
System-generated messages such as non-delivery reports (NDRs) do not get processed by your organization's mail flow rules (or transport rules).
Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web (formerly known as Outlook Web App). The main difference is mail flow rules take action on messages while they're in transit, not after the message is delivered to the mailbox. Mail flow rules contain a richer set of conditions, exceptions, and actions, which provides you with the flexibility to implement many types of messaging policies.
This article explains the components of mail flow rules, and how they work.
For steps to create, copy, and manage mail flow rules, see Manage mail flow rules. For each rule, you have the option of enforcing it, testing it, or testing it and notifying the sender. To learn more about the testing options, see Test mail flow rules in Exchange Online and Policy Tips (policy tips aren't available in standalone EOP).
For summary and detail reports about messages that matched mail flow rules, see Use mail protection reports to view data about malware, spam, and rule detections.
To implement specific messaging policies by using mail flow rules, see Mail flow rule procedures in Exchange Online.
Mail flow rule components
A mail flow rule is made of conditions, exceptions, actions, and properties:
Conditions: Identify the messages that you want to apply the actions to. Some conditions examine message header fields (for example, the To, From, or Cc fields). Other conditions examine message properties (for example, the message subject, body, attachments, message size, or message classification). Most conditions require you to specify a comparison operator (for example, equals, doesn't equal, or contains) and a value to match. If there are no conditions or exceptions, the rule is applied to all messages.
For more information about mail flow rule conditions in Exchange Online, see Mail flow rule conditions and exceptions (predicates) in Exchange Online.(Video) Securing Mail Flow in Exchange Online
Exceptions: Optionally identify the messages that the actions shouldn't apply to. The same message identifiers that are available in conditions are also available in exceptions. Exceptions override conditions and prevent the rule actions from being applied to a message, even if the message matches all of the configured conditions.
Actions: Specify what to do to messages that match the conditions in the rule, and don't match any of the exceptions. There are many actions available, such as rejecting, deleting, or redirecting messages, adding additional recipients, adding prefixes in the message subject, or inserting disclaimers in the message body.
For more information about mail flow rule actions that are available in Exchange Online, see Mail flow rule actions in Exchange Online.
Properties: Specify other rules settings that aren't conditions, exceptions or actions. For example, when the rule should be applied, whether to enforce or test the rule, and the time period when the rule is active.
For more information, see the Mail flow rule properties section in this article.
Multiple conditions, exceptions, and actions
The following table shows how multiple conditions, condition values, exceptions, and actions are handled in a rule.
|Multiple conditions||AND||A message must match all the conditions in the rule. If you need to match one condition or another, use separate rules for each condition. For example, if you want to add the same disclaimer to messages with attachments and messages that contain specific text, create one rule for each condition. In the EAC, you can easily copy a rule.|
|One condition with multiple values||OR||Some conditions allow you to specify more than one value. The message must match any one (not all) of the specified values. For example, if an email message has the subject Stock price information, and the The subject includes any of these words condition is configured to match the words Contoso or stock, the condition is satisfied because the subject contains at least one of the specified values.|
|Multiple exceptions||OR||If a message matches any one of the exceptions, the actions are not applied to the message. The message doesn't have to match all the exceptions.|
|Multiple actions||AND||Messages that match a rule's conditions get all the actions that are specified in the rule. For example, if the actions Prepend the subject of the message with and Add recipients to the Bcc box are selected, both actions are applied to the message. |
Keep in mind that some actions (for example, the Delete the message without notifying anyone action) prevent subsequent rules from being applied to a message. Other actions (for example, the Forward the message) don't allow additional actions.
You can also set an action on a rule so that when that rule is applied, subsequent rules are not applied to the message.
Mail flow rule properties
The following table describes the rule properties that are available in mail flow rules.
|Property name in the EAC||Parameter name in PowerShell||Description|
|Priority||Priority||Indicates the order that the rules are applied to messages. The default priority is based on when the rule is created (older rules have a higher priority than newer rules, and higher priority rules are processed before lower priority rules). |
You change the rule priority in the EAC by moving the rule up or down in the list of rules. In the PowerShell, you set the priority number (0 is the highest priority).
For example, if you have one rule to reject messages that include a credit card number, and another one requiring approval, you'll want the reject rule to happen first, and stop applying other rules.
For more information, see Set the priority of a mail flow rule.
|Audit this rule with severity level||SetAuditSeverity||Sets the severity level of the incident report and the corresponding entry that's written to the message tracking log when messages violate DLP policies. Valid values are DoNotAudit, Low, Medium, and High.|
|Mode||Mode||You can specify whether you want the rule to start processing messages immediately, or whether you want to test rules without affecting the delivery of the message (with or without Data Loss Prevention or DLP Policy Tips). |
Policy Tips present a brief note in Outlook or Outlook on the web that provides information about possible policy violations to the person that's creating the message. For more information, see Policy Tips.
For more information about the modes, see Test mail flow rules in Exchange Online.
|Activate this rule on the following date |
Deactivate this rule on the following date
|Specifies the date range when the rule is active.|
|On check box selected or not selected||New rules:Enabled parameter on the New-TransportRule cmdlet. |
Existing rules: Use the Enable-TransportRule or Disable-TransportRule cmdlets.
The value is displayed in the State property of the rule.
|You can create a disabled rule, and enable it when you're ready to test it. Or, you can disable a rule without deleting it to preserve the settings.|
|Defer the message if rule processing doesn't complete||RuleErrorAction||You can specify how the message should be handled if the rule processing can't be completed. By default, the rule will be ignored, but you can choose to resubmit the message for processing.|
|Match sender address in message||SenderAddressLocation||If the rule uses conditions or exceptions that examine the sender's email address, you can look for the value in the message header, the message envelope, or both.|
|Stop processing more rules||StopRuleProcessing||This is an action for the rule, but it looks like a property in the EAC. You can choose to stop applying additional rules to a message after a rule processes a message.|
|Comments||Comments||You can enter descriptive comments about the rule.|
How mail flow rules are applied to messages
All messages (except NDRs) that flow through your organization are evaluated against the enabled mail flow rules in your organization. Rules are processed in the order listed on the Mail flow > Rules page in EAC, or based on the corresponding Priority parameter value in the PowerShell.
Each rule also offers the option of stopping processing more rules when the rule is matched. This setting is important for messages that match the conditions in multiple mail flow rules (which rule do you want applied to the message? All? Just one?).
Differences in processing based on message type
There are several types of messages that pass through an organization. The following table shows which messages types can be processed by mail flow rules.
|Type of message||Can a rule be applied?|
|Regular messages: Messages that contain a single rich text format (RTF), HTML, or plain text message body or a multipart or alternative set of message bodies.||Yes|
|Message Encryption: Messages encrypted by Message Encryption in Microsoft 365 or Office 365. For more information, see Encryption.||Rules can always access envelope headers and process messages based on conditions that inspect those headers. |
For a rule to inspect or modify the contents of an encrypted message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). For more information, see Enable or disable transport decryption.
You can also create a rule that automatically decrypts encrypted messages. For more information, see Define rules to encrypt email messages.
|S/MIME encrypted messages||Rules can only access envelope headers and process messages based on conditions that inspect those headers. |
Rules with conditions that require inspection of the message's content, or actions that modify the message's content can't be processed.
|RMS protected messages: Messages that had an Active Directory Rights Management Services (AD RMS) or Azure Rights Management (RMS) policy applied.||Rules can always access envelope headers and process messages based on conditions that inspect those headers. |
For a rule to inspect or modify the contents of an RMS protected message, you need to verify that transport decryption is enabled (Mandatory or Optional; the default is Optional). For more information, see Enable or disable transport decryption.
|Clear-signed messages: Messages that have been signed but not encrypted.||Yes|
|Anonymous messages: Messages sent by anonymous senders.||Yes|
|Read reports: Reports that are generated in response to read receipt requests by senders. Read reports have a message class of ||Yes|
What else should I know?
- The Version or RuleVersion property value for a rule isn't important in Exchange Online.
- After you create or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.
- You can create a transport rule to bypass EOP and allow mail to flow without delay from internal senders such as scanners, faxes, and other trusted sources that send attachments that are known to be safe. Do not bypass filtering for all internal messages; in this situation, a compromised account could send malicious content.
- History and changes to mail flow rules are not maintained, so you can't revert mail flow rules back to previous states.
For more information
Manage mail flow rules
Mail flow rule procedures in Exchange Online
Journal, transport, and inbox rule limits
You can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through the transport pipeline in your Exchange 2016 and Exchange 2019 organization. Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web (formerly known as ...What is Exchange transport rule? ›
Transport rules are similar to the Inbox rules that are available in Outlook and Outlook Web App. The main difference is transport rules take action on messages while they're in transit, and not after the message is delivered to the mailbox.What are the 3 main components of a transport rule? ›
Transport rules consist of three components: conditions, exceptions, and actions. These rules can be created under the. In-depth coverage of Transport Rules are outside the scope of this book, however.How do you create a transport rule in Exchange? ›
Use the EAC to create a transport protection rule
Navigate to Mail flow > Rules. In New Rule, first click More options, and then complete the following fields: Name: Type a name for the transport rule. Apply this rule if: Select a condition and enter any required values for the condition.
Open the transport rule for editing
Open the Exchange admin center. Go to Mail flow > Rules. Select the CodeTwo Exchange transport rule and click the Edit rule conditions button (Fig. 1.).
In Exchange Server, mail flow occurs through the transport pipeline. The transport pipeline is a collection of services, connections, components, and queues that work together to route all messages to the categorizer in the Transport service on an Exchange Mailbox server inside the organization.What is mail flow in Exchange Online? ›
The path email takes from the internet to a mailbox and vice versa is called mail flow. Most organizations want Microsoft 365 or Office 365 to manage all their mailboxes and filtering, and some organizations need more complex mail flow setups to make sure that they comply with specific regulatory or business needs.How do I check my mail flow rules? ›
Use the new Exchange admin center to view a rules report
In the new EAC (https://admin.exchange.microsoft.com), go to Reports > Mail flow. On the Mail flow reports page, find and select Exchange Transport Rule report.
Use a test mode with an incident report action
- Select Add action, or, if this isn't visible, select More options, and then select Add action.
- Select Generate incident report and send it to.
- Click Select one... and select yourself or someone else.
Actions in mail flow rules (also known as transport rules) specify what you want to do to messages that match conditions of the rule. For example, you can create a rule that forwards message from specific senders to a moderator, or adds a disclaimer or personalized signature to all outbound messages.
DLP policies are simple packages that are collections of mail flow rules (also known as transport rules) that contain specific conditions, actions, and exceptions that filter messages and attachments based on their content. You can create a DLP policy, yet choose to not activate it.What are the 4 types of transport? ›
Air, Road, Sea and Rail. These are the four major modes of transport (or types) in the logistics industry.What are the 5 types of transportation? ›
The different modes of transport are air, water, and land transport, which includes rails or railways, road and off-road transport. Other modes also exist, including pipelines, cable transport, and space transport.What are the 7 types of transportation? ›
- Buses. Many rural communities use buses as the primary vehicle for their public transportation systems, operating fixed-route service on a regular schedule. ...
- Passenger Train Service. ...
- Passenger Air Service. ...
- Personal Vehicles. ...
- Pedestrian Transportation. ...
- Boats. ...
- Resources to Learn More.
to find which transport rule was applied to a specific message, Get-MessageTrackingLog returned no RuleID in EventData - Microsoft Q&A.How long do transport rules take effect? ›
After you create or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.What is an ETR override? ›
Microsoft will send you an informational email alert when they detect that an Exchange Transport Rule (ETR) has allowed the delivery of a high confidence phishing message to a mailbox. The alert is titled "Phish delivered due to an ETR override" and you may received this after launching a phishing simulation campaign.How do I remove the transport rule in Office 365? ›
- Distinguished name (DN)
- Configure your Microsoft 365 or Office 365 environment.
- Set up a connector from Office 365 to your email server.
- Change your MX record to redirect your mail flow from the internet to Microsoft 365 or Office 365.
This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other. Use the Export-TransportRuleCollection cmdlet to export the transport rules in your organization.
Each licensed org can send single emails to a maximum of 5,000 external email addresses per day based on Greenwich Mean Time (GMT). For orgs created before Spring '19, the daily limit is enforced only for emails sent via Apex and Salesforce APIs except for the REST API.How does centralized mail flow work? ›
Centralized Mail Flow Agent
Once an Exchange Online originating message with external recipient is received by the Edge Transport server, the message is routed to the appropriate Mailbox server.
Alternatively, an email can be sent to an external address by using the Send Email flow action. This method is useful if you don't have an email alert/email template already defined, or if you don't necessarily need to send an email in relation to a specific record. 1.Where are transport rules in Office 365? ›
Log into your Office 365 Admin portal and go to Exchange administration (“ADMIN” -> “Exchange”), as shown in the image below. Go to “mail flow” section. Under “rules“, click on “+” button and select the option “Create a new rule…“. The new transport rule window will be displayed.Where is mail flow in o365? ›
Locating the Mailflow report in the Exchange Admin Center
These reports can be found at this path: Exchange Admin Center > Reports > Mail Flow. Note that this is applicable to the new Microsoft 365 Admin portal only.
When centralized mail transport is enabled, incoming Internet messages are routed as follows in a hybrid deployment: An inbound message is sent from an Internet sender to the recipients firstname.lastname@example.org and email@example.com. Julie's mailbox is located on an Exchange Mailbox server in the on-premises organization.How do I check my mail flow in Exchange Online? ›
Open the new EAC at https://admin.exchange.microsoft.com, expand Reports, and then select Mail flow.How do you find out if a transport rule was triggered during mail processing in Exchange Online? ›
- In the EAC, go to Mail flow > Message trace.
- Find the messages that you want to trace by using criteria such as the sender and the date sent. ...
- After locating the message you want to trace, double-click it to view details about the message.
- Look in the Event column for Transport rule.
Use the Import-TransportRuleCollection cmdlet to import a transport rule collection. You can import a rule collection you previously exported as a backup, or import rules that you've exported from an older version of Exchange.How long does it take for a transport rule to take effect? ›
After you create or modify a mail flow rule, it can take up to 30 minutes for the new or updated rule to be applied to messages.
- Step 2: Click menu and sub menus Extras > Other requests > Add.
- Step 3: Input the transport request (e.g. ITMK620_00035U as the transport request name), after click the enter button, the transport will be added into the import buffer.
- Log in to your CTS system and enter transaction STMS in the command field.
- Select the Import Overview icon . ...
- Double-click the target system SID code. ...
- Import the entire queue or select specific transport requests to import.
- In the Exchange admin center (EAC), go to Mail flow > Rules.
- Create a new rule, or select an existing rule, and then select Edit.
- Scroll down to the Choose a mode for this rule section, and then select Test without Policy Tips or Test with Policy Tips.
In Exchange Server, mail flow occurs through the transport pipeline. The transport pipeline is a collection of services, connections, components, and queues that work together to route all messages to the categorizer in the Transport service on an Exchange Mailbox server inside the organization.