After getting a lot of phishing emails with suspicious HTML attachments, I was worried enough to pull the trigger and get them blocked at the server level, so no one will ever see them in their Outlook inbox.
Sign into Microsoft 365 Portal and go to Exchange Admin Center.
Click Mail Flow on the left-side pane, and click the little + icon to add a new rule.
Name the rule, then select the following condition:
Any attachment's file extension matches... 'html' or 'htm'
Pick one of the following actions, whichever fits your goal:
- Forward the message for approval
- Redirect the message to
- Block the message
- etc.
If you only want to apply the rule to incoming messages, add an exception for senders inside the organization so outgoing emails with the same attachment types are still allowed.
Here is one example of the rule I set in place.
If you are using the Approval approach, you will get emails containing any HTML files for you to approve, like below.
As you can tell, it’s already caught one.
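The same rule can be created from Exchange Online PowerShell, which is handy if the option is hard to find in the admin center or you want the rule documented as code. The block below is an added example, not from the original post; it assumes the ExchangeOnlineManagement module is installed, that the signed-in account can manage transport rules, and that the rule names, reject text and the moderator address `approver@example.com` are placeholders you replace with your own.

```powershell
# Added example: Exchange Online PowerShell equivalent of the mail-flow rule described above.
# Assumes the ExchangeOnlineManagement module is installed and the account holds a role
# that can manage transport rules. Rule names, comments and the approver address are constructed placeholders.
Connect-ExchangeOnline

# Variant 1 (the "Block the message" action): reject inbound messages that carry .htm/.html
# attachments, with an exception so internal senders can still send them (the post's outgoing-mail exception).
New-TransportRule -Name "Block inbound HTML attachments (example)" `
    -Comments "Added example: rejects external mail carrying .htm/.html attachments" `
    -AttachmentExtensionMatchesWords "html","htm" `
    -ExceptIfFromScope InOrganization `
    -SenderAddressLocation HeaderOrEnvelope `
    -RejectMessageReasonText "Disallowed file extension on attachment" `
    -RejectMessageEnhancedStatusCode "5.7.1" `
    -StopRuleProcessing $true `
    -Mode Enforce

# Variant 2 (the "Forward the message for approval" action): hold the message for a moderator
# instead of rejecting it, so you receive approval requests like the one shown in the post.
New-TransportRule -Name "Hold HTML attachments for approval (example)" `
    -AttachmentExtensionMatchesWords "html","htm" `
    -ExceptIfFromScope InOrganization `
    -ModerateMessageByUser "approver@example.com" `
    -Mode Enforce

# Check what was created. In particular confirm the scope exception is present: without it the rule
# applies to every sender, and with a wrongly chosen scope it can end up matching only internal mail.
Get-TransportRule -Identity "Block inbound HTML attachments (example)" |
    Format-List Name, State, Mode, AttachmentExtensionMatchesWords, ExceptIfFromScope, `
        RejectMessageReasonText, RejectMessageEnhancedStatusCode, StopRuleProcessing

# To trial the rule without rejecting anything, switch it to report-only mode first:
# Set-TransportRule -Identity "Block inbound HTML attachments (example)" -Mode Audit
```

Creating the rule with `-Mode Audit` first and reviewing the message trace for a few days is a cheap way to see what would have been blocked before you enforce it.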
As of 2021 that option is not available in the standard Exchange Admin Centre for Office 365. The only "apply this rule if…" option that mentions attachments is "Any attachment's content includes…", and it allows only words in the list. There are no extension options. These extension filtering options are now in Security and need to be edited manually via a script in order to add .htm or .html; see http://byronwright.blogspot.com/2017/09/customizing-file-types-for-common.html
No, they are still there… click "show more" at the bottom, then go back to the drop-down and there will be more advanced options, re-worded.
Thank you. Very helpful.
Really helpful. It is easy to miss the "show more" button needed to find this. Thanks for taking the time to share your solution.
For some reason, this only seems to be working on outbound email for us. If a scammer sends an HTML attachment, it makes it through, but when anyone internally tries to send one on, it blocks it.
Oh, here is the summary:
Block_hostile_attachments
If the message…
has an attachment with a file extension that matches one of these values: ‘bat’ or ‘exe’ or ‘html’ or ‘htm’ or ‘msi’ or ‘vbs’
Do the following…
reject the message and include the explanation ‘Disallowed File Extension on Attachment’ with the status code: ‘5.7.1’
and Stop processing more rules
Rule comments
Rule mode
Enforce
Additional properties
Sender address matches: Header or envelope
For rule processing errors: Defer
Version: 15.0.1.1