Let’s be honest—email disclaimers aren’t glamorous. But if you’re managing Exchange for a mid-sized org, they’re one of those “set it and forget it” things that quietly keep your legal and branding teams happy. I’ve configured disclaimer rules across both on-prem Exchange and Exchange Online, and while the UI hasn’t changed much over the years, the quirks definitely haven’t gone away.
Why I Set This Up
We had a compliance audit coming up, and one of the checklist items was “Ensure all outbound emails include a legal disclaimer.” I’d ignored this for months—mostly because I assumed it was a one-liner in the signature block. Turns out, signatures don’t cut it for org-wide enforcement. So I rolled up my sleeves and built a transport rule.
Step-by-Step: What Actually Works
Here’s how I did it on Exchange Online (same flow applies to on-prem EAC with minor UI differences):
Get into the Exchange Admin Center
I usually start in the browser—Edge, if I’m feeling brave. Log in with your admin creds and head to Mail Flow > Rules.
Create a New Rule
Click the “+” icon and choose Create a new rule. I named mine “Add Disclaimer – External Only” to keep it scoped.
Set Conditions
Most guides say “Apply to all messages,” but I prefer targeting SentToScope = NotInOrganization. That way, internal emails stay clean, and only external recipients get the legal blurb.
Click More options to unlock the full rule editor. You’ll want this.
Add the Disclaimer
Under Do the following, choose Apply a disclaimer to the message > Append a disclaimer.
I used basic HTML for formatting:
<html>
<body>
<p style="font-size:10pt;color:gray;">
This email and any attachments are confidential. If you’re not the intended recipient, please delete it.
</p>
</body>
</html>Pro tip: Keep it short. Long disclaimers can trigger formatting issues, especially on mobile clients.
Fallback Action
Set this to Wrap. If the disclaimer can’t be appended (usually due to formatting conflicts), wrapping preserves the message and adds the disclaimer as a wrapper. Rejecting the message is too aggressive unless you’re in a high-security environment.
Save and Test
Save the rule and send a test email to an external address. I usually CC myself on Gmail to see how it renders. If it looks off, tweak the HTML.
PowerShell Route (For Bulk Ops)
If you’re managing multiple tenants or want to automate this, PowerShell is your friend. Here’s the command I used:
New-TransportRule -Name "Add Disclaimer" `
-SentToScope "NotInOrganization" `
-ApplyHtmlDisclaimerLocation "Append" `
-ApplyHtmlDisclaimerText "<html><body><p>This is a disclaimer.</p></body></html>" `
-FallbackAction "Wrap"Not gonna lie, I’ve bricked a few rules by forgetting the backticks. Always test in a dev tenant if you can.
Gotchas and Lessons Learned
- HTML formatting: Outlook renders differently than Gmail. Stick to inline styles and avoid complex layouts.
- Rule priority: If you’ve got other transport rules (e.g., encryption, forwarding), make sure the disclaimer rule doesn’t conflict or get overridden.
- Mobile clients: Some mobile apps strip disclaimers or render them poorly. Test across devices.
Final Thoughts
Disclaimers aren’t exciting, but they’re essential. Once you’ve got the rule dialed in, it’s mostly maintenance—just remember to update the text if your legal team changes the wording.
Ever had a disclaimer rule silently fail because of a malformed HTML tag? Or worse, reject a CEO’s email because of a fallback misfire? Let’s hear your war stories—I’m all ears.
