Published on: July 14, 2025
Author: MAHARJAN | Maharjan-Tech
In today’s environment of rising phishing and email-based attacks, organizations must take every step to warn users and protect sensitive data. One of the most effective, yet simple, ways to enhance email security awareness is by adding a disclaimer or caution message to emails originating from external sources.
In this post, we’ll walk through how to add a red, bold security disclaimer to all incoming emails from outside your organization using Microsoft Exchange Server (2019 or Subscription Edition).
Why Add a Disclaimer?
Disclaimers serve multiple purposes:
- Alert users to potential phishing or spoofing attempts
- Reinforce cyber hygiene
- Help with legal compliance and email policy enforcement
Step-by-Step: Add Email Disclaimer in Exchange Server
Using Transport Rule (Recommended)
1. Open Exchange Admin Center (EAC):
   - Navigate to Mail Flow → Rules
2. Create a New Rule:
   - Click “+” → “Create a new rule”
3. Configure Rule Settings:
   - Name: Disclaimer-Message
   - Apply this rule if:
     → The sender is located Outside the organization
   - Do the following:
     → Apply a disclaimer to the message → prepend a disclaimer
     → Enter the following HTML: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
4. Fallback Action: Choose “Wrap” or “Ignore”
5. Save and wait a few minutes for the rule to take effect.
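The same rule can be created from the Exchange Management Shell. The script below is an added example, not part of the original post: the rule name and disclaimer wording come from the steps above, while the HTML markup (inline CSS for red, bold text) and the exception that skips already-tagged messages are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
$ruleName = 'Disclaimer-Message'

# Assumed markup for the red, bold banner; the wording is the text from step 3.
$html = '<p style="color:#ff0000;font-weight:bold;">' +
        'CAUTION: This email originated from outside of the organization. ' +
        'Do not click links or open attachments unless you recognize the sender ' +
        'and know the content is safe.</p>'

$params = @{
    # EAC condition "The sender is located: Outside the organization"
    FromScope                          = 'NotInOrganization'
    ApplyHtmlDisclaimerLocation        = 'Prepend'
    ApplyHtmlDisclaimerText            = $html
    # Wrap: when the body cannot be modified (for example signed or encrypted
    # mail), the original is attached to a new message carrying the disclaimer.
    # Ignore would deliver such a message without any disclaimer.
    ApplyHtmlDisclaimerFallbackAction  = 'Wrap'
    # Assumption: skip messages that already contain the banner so reply
    # threads do not collect one copy per round trip.
    ExceptIfSubjectOrBodyContainsWords = 'This email originated from outside of the organization'
}

# Update the rule if it already exists, otherwise create it.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $ruleName @params
} else {
    New-TransportRule -Name $ruleName @params
}

# Show what was stored so the settings can be checked against the EAC view.
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Mode, FromScope, ApplyHtmlDisclaimerLocation,
                ApplyHtmlDisclaimerFallbackAction, ExceptIfSubjectOrBodyContainsWords
```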
🔄 If Changes Don’t Apply Immediately
You may restart the Microsoft Exchange Transport service (mail flow on that server pauses until the service is back up):
Restart-Service MSExchangeTransport -Force
This ensures the updated transport rule is loaded without rebooting the entire server.
Conclusion
Adding an external email disclaimer is a lightweight but powerful step toward better security awareness. It trains users to think before they click, helps detect suspicious activity, and complements broader cybersecurity practices.
Stay tuned for our upcoming blog post, where we explore automated phishing detection in Exchange using header filtering.