Legal disclaimers in Exchange 2010: letting the lawyers insert themselves

Automatically add a legal disclaimer on e-mail using the New-TransportRule cmdlet.

Let's talk about how to manage disclaimers in Exchange 2010. Disclaimers (aka lawyer-speak) are normally used to denote some form of limit or scope for the rights and obligations for parties in a legally-recognized relationship.

Typically, the limit or scope denoted by a disclaimer is one that attempts to address the exposure to damages for the originating party and is applied during situations that involve some level of uncertainty or risk.  In relation to email, a disclaimer might be appended to an email message or used to construct the sender’s signature thus applying a standardized name, title, department, company, location, and legal disclaimer.

In Exchange, there have been various “ways” to add disclaimers to email messages since Exchange Server 5.5.  However, the methods typically were very basic and often required some ingenuity to rig up a solution that met the often obtuse legal requirement that dictated the usage of a disclaimer. Luckily, starting with Exchange Server 2007, Microsoft introduced a new feature called transport rules. With transport rules, messaging administrators were able to apply messaging policies to email messages which flow through the transport pipeline on Hub Transport and Edge Transport servers. For example, by using transport rules, these administrators are able to (for the first time) use a standard interface to control:

  • Inappropriate content from entering or leaving the organization
  • Filtering confidential organization information
  • Tracking or archiving messages that are sent to or received from specific individuals
  • Redirecting inbound and outbound messages for inspection before delivery
  • Applying disclaimers to messages as they pass through the organization

Therefore, to manage disclaimers in Exchange Server 2010, means that you will need to delve into the art of transport rules.  To create a transport rule to apply a disclaimer to all outbound email messages, you can either use the new Transport Rule Wizard in the Exchange Management Console (EMC).  Or, you can use the New-TransportRule cmdlet in the Exchange Management Shell (EMS).  My preference and this should be your preference, is to use the cmdlet.  For example:

New-TransportRule -Name OutboundDisclaimer -Enabled $true -SentToScope 'NotInOrganization' -ApplyHtmlDisclaimerLocation 'Append' -ApplyHtmlDisclaimerText "<h3>Warning</h3><p>This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. Please send us by fax any message containing deadlines as incoming e-mails are not screened for response deadlines. The integrity and security of this message cannot be guaranteed on the Internet.</p>" -ApplyHtmlDisclaimerFallbackAction Wrap

This example is pretty simple.  The only thing to really note is the use of the ApplyHtmlDisclaimerFallbackAction parameter which is being set to Wrap (if the disclaimer can't be inserted into the original message, Exchange encloses, or wraps, the original message in a new message envelope. Then the disclaimer is inserted into the new message) which is the default behavior.

However, what if you wanted to set a disclaimer for all internal email?  For example, your legal department wanted some sort of warning message that stated internal email messages cannot be forwarded outside of the organization.  Well luckily that is also a pretty simple task as well using the New-Transport cmdlet:

New-TransportRule -Name InternalDisclaimer -Enabled $true -SentToScope 'InOrganization' -ApplyHtmlDisclaimerLocation 'Append' -ApplyHtmlDisclaimerText "<h3>Warning</h3><p>Please do not forward internal email messages outside of the company.  Bad things may happen to you!</p>" -ApplyHtmlDisclaimerFallbackAction Wrap

You will notice the SentToScope parameter is set to InOrganization which denotes that the transport rule only applies to messages sent to recipients that are considered inside the organization.

Lastly, what if your legal department is being a real pain and you need to apply a special type of message header (disclaimer) notifying recipients certain information about the email’s sender.  For example, what if all internal email messages from trade restricted senders needs to have a TR label applied to them.  Luckily, this is pretty simple and might look like the following command:

$Signature = '<div style="backgroun-color:#D5EAff; border:1px dotted #003333; padding:.8em;"> `

<span style="font-size:12pt; color:#ff0000;">TR WARNING</span></br> `

<p style="font-size:8pt; line-height:10pt">This message was sent from a trade restricted (TR) individual!</p> `

</div>

New-TransportRule -Name TRDisclaimer -Enabled $true -SentToScope 'InOrganization' -FromMemberOf "Trade Restricted" -ApplyHtmlDisclaimerLocation 'Prepend' ApplyHtmlDisclaimerText $Signature -ApplyHtmlDisclaimerFallbackAction Wrap

With this command, you will notice that it only applies to senders that are members of the Trade Restricted group.  In addition, the ApplyHtmlDisclaimerLocation is being set to Prepend which means that the “disclaimer” will be appended as a header vs. a footer in the message.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT