Chat now
Client portal
Call us

Use mail rules in Office 365 to tag emails with spoofed senders

Fraudulent e-mails are becoming much more common these days. Scammers are doing their research and are often sending emails that look like they are coming from the CEO or someone else in high standing at a company by spoofing the ‘from’ address. Imagine if one of these emails were sent to someone within the company requesting them to make a wire transfer. The emails may look very legitimate and people are getting fooled by them.

Office 365 mail rules can be used to tag the email with a disclaimer to let the recipient know that the email may be a scam. The rule can be set up so if an email is coming from outside the organization, but is from an internal domain it will add a disclaimer to the top of the email to let the recipient know it may be a spoofed email and they should proceed with caution.

To set up the mail rule, log into the Office 365 management portal and open Exchange Management. Go to Mail Flow > Rules and create a new rule.

Set up conditions to detect if the sender is outside of the organization and if the sender’s domain is one of your internal domains. Set the condition to add the disclaimer of your choice to the email.

Here is the rule we set up:


You should note that this will add the disclaimer to emails from devices such as scanners that may send emails using a SMTP relay. Emails sent by 3rd parties on your behalf, such as a service like Constant Contact, may also get tagged with the disclaimer if they are sent to internal recipients.

You can set up your rule not to add the disclaimer to these messages by adding an exception in the rule to ignore emails from specific email addresses. Just click the add exception button in the rule and specify the sender.


This simple rule adds a great amount of security to email in Office 365. End users that may not know better are now given a very visible warning that an email may be a scam and this could prevent huge losses

For more information on how you can use mail rules in Office 365 to tag and alert you to emails with spoofed senders, continue reading here.