Some email environments automatically add an alert banner to messages coming from outside the organization. In certain cases, SMARTFENSE emails do not display this banner because another transport rule intercepts them first and skips applying it. This article explains how to resolve this situation so that the banner appears on phishing simulation emails.
Note: If your organization uses the direct injection delivery method (DMI), SMARTFENSE emails are inserted directly into the user’s inbox without passing through the transport flow. In that case, no transport rules run—including the banner rule—and the solution described in this article does not apply. To have the banner appear in DMI environments, it must be customized directly in the content of SMARTFENSE simulation emails from the Custom Content section.
Why does this happen?
In Exchange and Microsoft 365, transport rules run in order of priority. If there is a rule that processes emails with attachments—such as the Omit ATP Attachments rule—and that rule has higher priority than the banner rule, SMARTFENSE emails (which include images or other attachments) are caught by that rule first. As a result, they never reach the banner rule, and the alert notice is not added to the message.
Prerequisites
- Access to the Exchange Admin Center or the Microsoft 365 admin portal.
- Permission to edit transport rules.
- The HTML snippet of the banner your organization uses.
Steps to resolve the issue
1. Obtain the HTML snippet of the banner
- In Outlook, open an email that does show the alert banner (for example, an external email without attachments).
- Click the three dots on the message → View source.
  This step applies to classic Outlook (desktop) and Outlook Web Access (OWA). In New Outlook, the option may not be available; in that case, use OWA to get the source code.
- Locate the HTML block corresponding to the external alert banner.
- Copy that entire snippet.
2. Add the banner to the attachment transport rule
- Log into the Exchange Admin Center.
- Navigate to Mail flow → Rules.
- Locate the transport rule that processes attachments (for example, Omit ATP Attachments).
- Edit that rule and add a "Do the following" action.
- Expand the first dropdown and choose Apply a disclaimer.
- In the second dropdown, select append a disclaimer.
- Click the Enter text link that appears under the action to open the specify disclaimer text panel.
- Paste the HTML snippet of the banner obtained in step 1.
- In the Select one dropdown, choose the fallback action that Exchange will take if it cannot insert the HTML into the message body:
  - Wrap — wraps the original message as an attachment and applies the banner to the new message. This is the most common and recommended option.
  - Ignore — sends the message without the banner. Useful if you prefer the email to arrive even without the alert.
  - Reject — rejects the message and does not deliver it. Not recommended for this case.
- Press Save.
By including the banner directly in the attachment rule, all external emails processed by that rule—including SMARTFENSE emails—will display the alert notice.
3. Verify the result
- Send a test email from SMARTFENSE to a user in the organization.
- Confirm that the external email banner appears correctly in the received message.
💡 Best practices
- Review the priority order of all active transport rules. If more than one rule can intercept SMARTFENSE emails, evaluate whether each should include the banner.
- Select Wrap as the fallback action unless there is a specific reason to use Ignore. Avoid Reject to prevent interrupting simulation email delivery.
- Document the modified rules and the date of change to facilitate future audits.
- If your environment uses Microsoft Safe Links or Safe Attachments, verify that those policies do not interfere with simulation links. See the related article about whitelist configuration for Microsoft 365.
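The priority review recommended above can be scripted. The following PowerShell is an added example, not SMARTFENSE or Microsoft code: it assumes the interception happens through a rule's "Stop processing more rules" setting, and the function name Find-BannerBypassRule and the rule name External Banner are hypothetical.

```powershell
# Lists enabled transport rules that run before the banner rule and flags the
# ones that stop rule processing without applying an HTML disclaimer themselves.
function Find-BannerBypassRule {
    param(
        [Parameter(Mandatory)] [object[]] $Rules,          # output of Get-TransportRule
        [Parameter(Mandatory)] [string]   $BannerRuleName  # assumption: name of your banner rule
    )

    $banner = $Rules | Where-Object { $_.Name -eq $BannerRuleName }
    if (-not $banner) { throw "Banner rule '$BannerRuleName' not found." }

    $Rules |
        Where-Object { $_.State -eq 'Enabled' -and $_.Priority -lt $banner.Priority } |
        Sort-Object Priority |
        ForEach-Object {
            $hasDisclaimer = -not [string]::IsNullOrWhiteSpace($_.ApplyHtmlDisclaimerText)
            [pscustomobject]@{
                Priority        = $_.Priority
                Name            = $_.Name
                StopsProcessing = [bool]$_.StopRuleProcessing
                HasDisclaimer   = $hasDisclaimer
                # Mail matched here never reaches the banner rule and gets no banner.
                NeedsBanner     = [bool]$_.StopRuleProcessing -and -not $hasDisclaimer
            }
        }
}

# Constructed sample data (not real tenant output), shaped like Get-TransportRule objects.
$sample = @(
    [pscustomobject]@{ Name = 'Omit ATP Attachments'; Priority = 0; State = 'Enabled'
                       StopRuleProcessing = $true;  ApplyHtmlDisclaimerText = $null }
    [pscustomobject]@{ Name = 'Legal Footer';         Priority = 1; State = 'Enabled'
                       StopRuleProcessing = $false; ApplyHtmlDisclaimerText = '<p>Footer</p>' }
    [pscustomobject]@{ Name = 'External Banner';      Priority = 2; State = 'Enabled'
                       StopRuleProcessing = $false; ApplyHtmlDisclaimerText = '<div>External</div>' }
)

Find-BannerBypassRule -Rules $sample -BannerRuleName 'External Banner' |
    Format-Table -AutoSize

# Against a live tenant, after Connect-ExchangeOnline:
# Find-BannerBypassRule -Rules (Get-TransportRule) -BannerRuleName '<your banner rule name>'
```

Rules reported with NeedsBanner set to True are the candidates for the edit described in step 2.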