The Exchange Online service in Microsoft 365 is one of the best in the world for email and collaboration services. When combined with services from Hotmail.com, Outlook.com and other Microsoft email systems, you can imagine the jaw-dropping scale at which Microsoft operates. With the huge popularity of its services and the volume of email Microsoft processes every day, it, along with Gmail, Yahoo Mail, and other services, has also become a large target for phishing, spoofing, and other types of malicious email.
The number one goal of an attacker is to get the user to click on something. Often, an attacker will send an email from an account with the same name as someone you correspond with, or perhaps that of a leader in your company. Many companies offer user training to help identify these types of attacks that come from external sources, but this isn’t just a race to the finish line. Rather, securing email and training users (the human element) to quickly identify suspicious email is a multi-pronged approach that will continue to evolve.
I am writing this two-part blog series to describe two ways in which an administrator can insert a tag in the subject line of every email that originates from outside an organization. The tag will be simple: every email subject line will be prepended with [External]. I’ll describe two methods that can be used to implement this rule in Microsoft Office 365.
The first method uses a Microsoft Exchange transport rule. This rule will apply to every external email received, no matter what email client or device is being used (good for Outlook, the Outlook app on iOS and Android, and more). To keep things simpler, I will only use the Exchange Admin Center with the graphical interface in the setup instructions. There is of course a way to do this in PowerShell that I will not outline in this blog series.
The second method was released by Microsoft in March 2021 and impacts the web version of Outlook as well as the iOS and Android Outlook apps. It does not apply to the full Outlook client. This method can be found in the link below.
It is up to you which method is better to implement in your organization. No matter which method is used, I strongly encourage this be implemented as soon as possible.
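For administrators who prefer to script either method, the following is an added example and not part of the original post or series. The rule name, the trailing space after the tag, and the exception that skips subjects already carrying the tag (so reply chains do not accumulate repeated tags) are assumptions of this example.

```powershell
# Added example: requires the ExchangeOnlineManagement module and an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$ruleName = 'Tag external mail in subject'   # hypothetical rule name
$tag      = '[External]'

# Method 1: transport rule. Applies at the service, so every client sees the tag.
# Create the rule only if it does not already exist, so the script can be re-run.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -PrependSubject "$tag " `
        -ExceptIfSubjectContainsWords $tag `
        -Comments 'Prepends [External] to mail received from outside the organization.'
}

# Confirm the rule is enabled and scoped as intended.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SentToScope, PrependSubject, ExceptIfSubjectContainsWords

# Method 2: the native external sender indicator shown by supported Outlook clients.
Set-ExternalInOutlook -Enabled $true
Get-ExternalInOutlook

Disconnect-ExchangeOnline -Confirm:$false
```

After creating the rule, send a test message from an outside account and check the delivered subject. A message trace in the Exchange Admin Center shows whether the rule fired.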
Blog Series Links:
Part One (this one): Office 365 External Email Notice Configuration – Part 1