When you receive a large volume of mails, it can often become cumbersome to process through each one and to distinguish when a mail was sent internally vs externally from a user with a similar name. On it’s own, replying to someone externally with a message you assumed was going internally can lead to embarrassing situations but more worrying, attackers often rely on this to tailor phishing mails to try to catch the user unaware.

Using a Disclaimer

There are already various solutions to try and mitigate this problem, such as defining a transport rule to prepend a warning on all external mails. This solution is pretty good as we can format the warning to make it catch the users eye.

I’ve seen push back on this in the past as it does hinder the message preview in places like the Outlook Mobile App which can annoy users. We could also append the disclaimer but this can be easily missed.

Prepend to the Subject

Using the same method as above, we can also update our rule to prepend the subject however this can also give users a bad experience.

When using this method it’s important to ensure it is not applied multiple times to the same mail chain or we can end up a long string of our chosen term at the start of the subject.

Use Conditional Formatting in Outlook

Another method is to use Outlooks Conditional Formatting feature to identify particular mails and apply formatting such as a colour to them. This can be done from the “View” tab in Outlook, under “View Settings” and “Conditional Formatting”. Here we can add a rule to identify mails from our internal Domains and apply particulatr colour and formatting.

This will then colour internal and external mails differently allowing us to easily distinguish between them.

Tag External Emails

This one is a relatively new feature, Exchange Online now offers the ability to automatically tag external emails in Outlook on the Web, Outlook for Mac and Outlook for iOS/Android, according to the documentation, certain versions of Outlook for Windows will see this as a mail tip also however I haven’t been able to test this yet. To turn this feature on, connect to the Exchange Online Management Shell and run the command:

Set-ExternalInOutlook -Enabled:$true

This will enable the external email tag feature for all external domains.

Summary

There are a variety of methods available to help users identify external emails in Outlook and while it seems like a small thing to implement, anything that helps users be vigilant for potential phishing is absolutely worth it. I recommend considering one or a combination of these options. There are also third party plug-ins out there that can provide more flexibility but I won’t go through them here.