Enabling notifications for incoming external emails

Administrators can have text added to the top of all incoming email sent by users outside your domains. This message might be used to remind your users to use caution and avoid clicking links or opening file attachments in messages that haven't originated from within your environment.

Note: This feature is disabled by default.

External email notifications allow you to set custom text to add before the Subject line or message body of emails coming from outside your environment. Unlike message disclaimers (sender-based policies) and recipient-based policies, this feature allows a single text or HTML configuration for all external mail.

The notification text is added once the mail's sender and SMTP reverse-path are determined to be from outside your local internet domains. If either the mail's "From" domain or SMTP reverse-path domain are not domains listed in your Global Domain documents, then the mail is considered external, and the Subject line or message body is updated to include the notification text.

If DKIM signature verification is enabled by administrators and the sender is identified as external, your SMTP servers will add the notification text after verification to maintain email authentication procedures. Results of DKIM signature verification will not be affected by any external email notification. Similarly, S/MIME signed or encrypted messages will not have the notification added before the message body, only the Subject line, to maintain S/MIME signature checks.

It's expected that all incoming mail has passed all anti-spam or anti-spoof verification before the SMTP server checks to see if the sender is external. No anti-spoof checks will be provided by this feature.

NRPC-routed mail will be unaffected. Only those received via SMTP, when the feature is enabled and the mail is determined to be external, will be modified according to your configurations.

Setting up external email notifications

To enable external email notifications, configure the settings in the Server Configuration document in names.nsf, in the External Email Notifications section on the SMTP/Router > Restrictions and Controls > SMTP Inbound Controls tab.

Here you'll be able to specify notification text to add to the messages and other settings, such as where to display the text, as follows:


Setting	Options
External email notifications	Select one of the following: Disabled (default) Enabled for external domains For messages whose "From:" domain is not listed in Global Domain documents defined on your server Enabled for all messages If you know that only external mail is coming into the SMTP server, you can enable this to consider all incoming mail as external and add the notification text to all mail received via the SMTP server. This is more efficient than checking the “From” domain of incoming mail against the list of domains in the Global Domain Documents. This is the recommended setting for inbound only SMTP servers, with "Exceptions for trusted hostnames/IP addresses" populated as necessary.
Notification type	Select one of the following: Add to beginning of Subject only (default) For example, "[EXTERNAL] Re: Offer good only until midnight August 1" Add to beginning of message, or Subject if message signed Add to beginning of message only Not applicable to S/MIME signed or encrypted mail You cannot add both Subject and message notifications.
Text to add to Subject	Plain text to prefix the Subject line, if selected in notification type. Limited to 30 characters, for example "[External] ". If you'd like a space between the notification text and the original Subject line, you need to include that space into this field value.
Notification text format	Format of the notification text added to the message body, if selected in notification type, either: HTML Plain text
Text or HTML to add to message	Notification text to add to the beginning of the message body, if selected in notification type. Limited to 4,000 characters. Note: HTML will not be validated. Make sure to test it locally by putting the HTML in a file and opening it on your browser.
Exceptions for trusted hostnames/IP addresses	Enter trusted hostnames or IP address that will be exempted from having external email notifications added. Items need only match the end of host names, for example "acme.com" will match "serv1.acme.com". IP addresses may be enclosed in square brackets and may include an asterisk (*) as a wildcard for subnet addresses. CIDR notation is also supported.

Note: The character set of a message might not be the same as that used by your notification text, in which case characters will be re-encoded to Unicode (UTF-8). Unicode provides a widely adopted encoding compatible with all languages. However, re-encoding to "Use Best Match" is available as per-server option via the notes.ini setting SMTPExternNotifyUnicode=0.

How external email notifications are displayed

A user receiving a message from outside their domains can see the notification text, either in the message body or in the Subject, using any mail client. For S/MIME-signed or encrypted external mail, the user will see the notification text prefixed to the Subject line.

The user can reply to an external mail with the message history included, and the notification text will also be included in its original location, either in the Subject line or message body. If designated in the Subject line, the notification text will be added just once, instead of for every reply or forward like so: "Re: [External] Re: [External]". The preview of mail threads will also display the notification text.