Caution message for incoming mail outside the domain
Idea shared by Fred Verna - 3/11/2021 at 8:23 AM
How about the ability to add something like this to the body of email coming from outside the domain?

It seems this is going to be a requirement from any cyber insurance companies.

10 Replies

Robert Emmett Replied
Employee Post

While the following solution does not put a banner or inject the caution into the message body, you can configure a domain-level content filter to prepend [EXTERNAL] or some other text in the subject line.

1. Create a new domain-level content filter
2. Enter name, for example, External Email
3. Set Match Type to ALL conditions must be met
4. Add a new condition with the following settings:
   - Condition Type -> From Address
   - Field -> From specific domains
   - Comparison -> Does Not Match
   - From specific domains -> yourdomain.com
5. Add an action with the following settings:
   - Action -> Add Text to Subject
   - Text to Add -> [EXTERNAL] or [CAUTION], etc.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278

Already tried this and it causes more confusion to the end user. The banner is the best solution.

It appears that this request was at least partially implemented in build 7719. After upgrading recently to this build, I noticed that a message from VMware appeared with this banner:

    This message contains content from external sources.

The banner is highlighted with a pale yellow background, and it appears between the "To:" address and the [Message] tab, so it is not part of the message itself.   However, I have messages from multiple external sources, and this is the only one that triggered the banner.

One benefit of this approach is that it is apparently not based on altering the message, so it presumably will not break DKIM signatures.    By comparison, the suggestion to add text to the subject or body will break DKIM signatures.

Can someone from SmarterTools clarify how this feature works -- what message characteristics cause it to be displayed, whether the message can be disabled and re-enabled by the system manager, and whether the system manager can control the specific wording used?

This type of tagging has become popular because many email clients have chosen to hide the FROM address from the user, a move that is unfortunate, risky, and unjustified.  SmarterMail used to do this also; now it only hides the FROM address some of the time.  I wish it was never.   (Hovering over the Friendly Name will always display the address.)

There is a lively debate about how much "Trust indicators" like this can actually affect user behavior.   This is the only journal article that I have found on the subject, but would be interested in what others can find.
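
The DKIM concern raised in the post above, applied to the domain-level filter rule described earlier in the thread, as an added example that is not part of the thread and is not SmarterMail code. The function names, the `vendor.example` message and the `b=PLACEHOLDER` value are constructed for illustration; the sketch uses an exact-domain match and checks only the `bh=` body hash and whether Subject is listed in `h=`, it does not verify the `b=` signature itself.

```python
import base64, hashlib, re
from email import message_from_string
from email.utils import parseaddr

def relaxed_body_hash(body: str) -> str:
    """SHA-256 bh= value under RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ")
             for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":      # trailing empty lines are ignored
        lines.pop()
    canon = "".join(ln + "\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def dkim_tags(value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def tagging_impact(raw, local_domain, tag="[EXTERNAL] ", banner=""):
    """Apply the 'From domain does not match' rule and report DKIM effects."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    external = domain != local_domain.lower()
    tags = dkim_tags(msg.get("DKIM-Signature", ""))
    signed = set(tags.get("h", "").lower().split(":"))
    body = (banner if external else "") + msg.get_payload()
    return {
        "external": external,
        "subject": (tag if external else "") + msg["Subject"],
        # A changed header that is listed in h= invalidates the b= signature.
        "header_sig_broken": external and bool(tag) and "subject" in signed,
        # A changed body no longer matches the signer's bh= hash.
        "body_hash_broken": "bh" in tags and relaxed_body_hash(body) != tags["bh"],
    }

# Constructed sample: bh= is computed from BODY, b= is a placeholder.
BODY = "Your invoice is attached.  \n\nRegards,\nBilling\n\n"
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vendor.example;\n"
    " s=sel1; h=from:subject; bh=" + relaxed_body_hash(BODY) + ";\n"
    " b=PLACEHOLDER\n"
    "From: Billing <billing@vendor.example>\n"
    "Subject: Invoice 1042\n"
    "\n" + BODY
)
```

Calling `tagging_impact(SAMPLE, "yourdomain.com")` models the subject tag, and passing `tag=""` with a `banner` string models a body banner; a message whose signer left Subject out of `h=` would survive the subject tag but not the body change.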

-1 for any of this

[EXTERNAL] is unprofessional and uninviting to anyone who encounters it.

Email is supposed to be global. The banner would get old really quick.

Let's not forget what an email message is. ALWAYS BE AWARE.

You can only cater to dumb up to a certain point. Let's build SmarterMail not DumberMail.

We use the [EXTERNAL] subject message as we have no choice - this has reduced the number of times users fall for spoofed phishing messages, so it was beneficial. But a banner would indeed be more professional.

A banner with the ability to turn on/off is my vote!  Thanks for listening.

We would definitely use that.

The domain-level content filter also seems to have another unwanted side effect: user-level content filters randomly do not work. This started about the time we implemented the domain-level content filter to prepend [EXTERNAL] to the message subject.

But the banner will only appear in webmail. Cell phone and email client are missed. Content change appears everywhere.

+1 to insert customizable banner to message.
