Mastering Mail Flow: Ensuring Anti-Malware Checks Before Transport Rules


It seems that the transport rules are taking precedence over the anti-spam and anti-malware filters. Could you advise if there is a configuration option available that would allow the security checks to be applied before the transport rules are processed?”


In the intricate world of email administration, maintaining the delicate balance between efficient email routing and robust security measures is paramount. A common challenge faced by administrators is the order in which transport rules and security checks are applied. As observed, transport rules often take precedence, leading to a scenario where emails, even potentially harmful ones, are forwarded before being scrutinized by anti-spam and anti-malware filters.

The Dilemma:

Transport rules are designed to streamline email flow, redirecting messages based on specific conditions. However, when these rules override security protocols, it can result in the forwarding of unchecked emails, potentially bypassing critical defense mechanisms provided by solutions like Microsoft Defender.

The Solution:

To address this, administrators seek a configuration that would invert the order, allowing security checks to be executed prior to the application of transport rules. This ensures that only emails deemed safe are forwarded, enhancing the overall security posture.

Configuration Options:

While the default behavior in systems like Microsoft Exchange prioritizes transport rules, there are ways to adjust this. One approach is to utilize priority settings within the transport rules themselves. By assigning a lower priority to forwarding rules, administrators can ensure that security checks take place first.

Another method involves the strategic placement of mail flow rules within the Exchange admin center. By carefully ordering the rules, with security-related actions at the top, one can influence the sequence of operations.

Best Practices:

It’s crucial to regularly review and update the transport and security rules to adapt to evolving threats. Implementing a layered security strategy, where multiple checks are performed at different stages of the email processing pipeline, can significantly reduce the risk of security breaches.


In conclusion, while there is no direct ‘switch’ to change the precedence order, careful configuration and rule management can effectively prioritize security checks over transport rules, fortifying the email system against malicious threats.

By implementing these strategies, organizations can better protect their communication channels, ensuring that security is not compromised in the pursuit of efficiency.

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us