First Contact Safety Tips in Exchange Online

I spotted a mysterious note while reading Microsoft Documentation about Anti-Phishing policies with an important note of a configuring a header to enable a message on certain emails that will say:

‘You don’t often get email from emailaddress@contoso.com. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification

or

‘Some people who received this message don’t often get email from emailaddress@contoso.com’

When I discovered this, I couldn’t find a google search result on X-MS-Exchange-EnableFirstContactSafetyTip beyond this single tip above. No instructions or details anywhere. It sounded like something I wanted though, and after some basic testing I couldn’t get it to work.

After raising it with Microsoft, it’s been clarified that this value needs to be set to ‘Enabled‘ – not ‘True’ or ‘Yes’. It was also recommended to only apply to emails coming from outside the organisation. This is fairly easily achieved via a Transport Rule, and you can narrow it down to certain recipients if you’d like to test it first:

At this stage I’m getting mixed results with it. In my Australian Microsoft 365 tenant, it’s adding the warning to the body of the email rather than a safety tip – I first thought this was probably an Outlook 2016 thing:

but the same happened in Outlook for the Web:

On my US tenant, it worked a bit differently in both Outlook 2016 and Outlook for the Web:

The tip appears at the top of the email but in a grey box, more closely resembling how it would look as a Safety Tip.

I’ve also seen the Safety Tip work on Outlook for the Web but only in a threaded email, and not at the top of the email – some weird things going on.

Anyway, it may be something worth playing with, but until we see more information about this feature, I’d leave it in testing mode only.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.