Implement External Email Warning Banners in 365 & Gmail

Introduction

Email spoofing and phishing attacks are major cybersecurity threats for businesses. One effective way to mitigate these risks is by implementing an External Email Warning Banner in Microsoft 365 and Gmail (Google Workspace). This feature alerts users when an email originates from outside the organization, reducing the likelihood of falling for malicious links or attachments.

This guide covers two methods for implementing external email warnings in Microsoft 365:

1. Manual setup via the Microsoft 365 Admin Center

2. Automated deployment using PowerShell

Additionally, we cover how to configure external email warnings in Gmail (Google Workspace).

---

Microsoft 365 Implementation

Method 1: Manual Setup via Microsoft 365 Admin Center

Step 1: Access Exchange Admin Center

1. Log in to the Microsoft 365 Admin Center.

2. Navigate to Exchange Admin Center (https://admin.exchange.microsoft.com).

3. In the left menu, go to Mail Flow > Rules.

Step 2: Create a New Mail Flow Rule

1. Click + Add a Rule and select Create a new rule.

2. Name the rule: External Email Warning.

3. Under Apply this rule if…, select The sender is located… > Outside the organization.

4. Under Do the following…, select Prepend the subject with… and enter [External].

5. (Optional) To add a banner in the email body:

   • Choose Apply disclaimer to the message.

   • Add the following HTML warning message:

     <div style="background-color: #ffcc00; padding: 10px; font-weight: bold;">
     ⚠️ WARNING: This email originated from outside your organization. Do not click links or open attachments unless you recognize the sender.
     </div>

6. (Optional) Exclude Trusted Domains

   • Click Add Exception > The sender’s domain is….

   • Enter trusted domains (e.g., @trustedpartner.com).

7. Click Save, and the rule will automatically apply to all users.

---

Method 2: Automated Deployment Using PowerShell

For organizations managing multiple tenants or wanting a faster, scalable deployment, PowerShell can be used to apply the warning banner.

Step 1: Connect to Exchange Online via PowerShell

1. Open PowerShell as an administrator.

2. Install the Exchange Online Management module (if not already installed):

   Install-Module ExchangeOnlineManagement

3. Connect to Exchange Online:

   Connect-ExchangeOnline -UserPrincipalName youradmin@yourdomain.com

Step 2: Create a Mail Flow Rule with PowerShell

Run the following command to create a rule that applies an external email warning banner:

New-TransportRule -Name "External Email Warning" `
-FromScope NotInOrganization `
-ApplyHtmlDisclaimerText "<div style='background-color: #ffcc00; padding: 10px; font-weight: bold;'>⚠️ WARNING: This email originated from outside your organization. Do not click links or open attachments unless you recognize the sender.</div>" `
-ApplyHtmlDisclaimerLocation Prepend `
-ApplyHtmlDisclaimerFallbackAction Wrap

Step 3: Verify the Rule

1. Navigate to Exchange Admin Center > Mail Flow > Rules.

2. Ensure the "External Email Warning" rule is active.

3. Send a test email from an external account to confirm the banner appears.

Step 4: Disconnect PowerShell Session

After configuring the rule, disconnect from Exchange Online:

Disconnect-ExchangeOnline

---

Gmail (Google Workspace) Implementation

Method 1: Enable Built-in External Sender Warnings

Google Workspace provides an automatic external sender warning feature that can be enabled in the Admin Console.

Steps:

1. Sign in to Google Admin Console (admin.google.com).

2. Navigate to Apps > Google Workspace > Gmail > Safety.

3. Enable “Display a warning when receiving messages from external senders”.

4. Click Save.

---

Method 2: Create a Custom Gmail Compliance Rule

For a more customized approach, administrators can manually create a rule to apply a custom warning message to all external emails.

Steps to Manually Add a Warning Banner in Gmail:

1. Sign in to Google Admin Console (admin.google.com).

2. Navigate to Apps > Google Workspace > Gmail > Compliance.

3. Scroll to Content Compliance and click Add Rule.

4. Set Conditions:

   • Under “Email messages to affect”, choose Inbound.

   • Under “Expressions”, click Add > Advanced content match.

   • Choose “Sender” > Does not match your domain (e.g., yourcompany.com).

5. Apply Warning Message:

   • Scroll to “Add custom headers or footers”.

   • Add this warning message in HTML format:

     <div style="background-color: #ffcc00; padding: 10px; font-weight: bold;">
     ⚠️ WARNING: This email is from an external sender. Do not click links or open attachments unless you trust the sender.
     </div>

6. Click Save, and ensure the rule is active.

---

Comparison: Microsoft 365 vs. Gmail External Email Warnings

Feature	Microsoft 365	Gmail (Google Workspace)
Built-in Warning	✅ Yes (Manual Rule Required)	✅ Yes (Admin Console)
Custom Warning Banner	✅ Yes (Mail Flow Rules)	✅ Yes (Compliance Rule)
PowerShell Automation	✅ Yes	❌ No (Google Admin Only)
Trusted Senders Exclusion	✅ Yes	✅ Yes
HTML Formatting	✅ Yes	✅ Yes

---

Conclusion

Implementing an External Email Warning Banner in Microsoft 365 and Gmail is a simple yet powerful way to protect your organization against phishing and spoofing attacks. Whether you prefer manual configuration or automated deployment, these solutions help employees stay alert when interacting with external emails. For enhanced security, consider combining this with advanced email filtering and endpoint protection solutions.

Related Reading:

Firewalls Vs. Antivirus: Firewalls and antivirus software are both essential tools in cybersecurity, but they serve different purposes. While firewalls block unauthorized network access, antivirus programs detect and remove malware from your system.

Next-Gen Antivirus: A Modern Security Guide: Next-generation antivirus (NGAV) goes beyond signature-based detection by utilizing cloud technologies, behavioral analysis, and machine learning to offer stronger protection. Discover how NGAV keeps businesses secure.