At my workplace we mandate that emails are encrypted with SMIME certificates. This is only for internal emails as we are aware many external recipients often have issues opening signed or encrypted emails.
In passing my manager suggested that I put a mailflow/transport rule in that would enforce this.
With a lot of trial and error I believe that I got this functioning correctly. Test results below.
Internal to internal unencrypted - Blocked
Internal to internal encrypted - allowed
Internal to internal & external unencrypted - allowed.
The third scenario was complicated as it became clear that each email was being enumerated against the rules individually rather than collectively. So found it hard to find a condition/exception that allowed me to identify this specific recipient scenario.
Comparing the headers of the different scenarios the third scenario I noted "X-MS-Exchange-Transport-Forked: True". This is what I eventually ended up using as an exception to my mail blocking rule and appears to be working ok.
My issue though, is that I am having a hard time locating documentation on specifically what this header is, how it's used, and what the values represent.
In this instance it appears to mark an email that is sent both internally and to a separate domain, which is what I want... But I want to make sure I fully understand this and am not going to break something down the line.
What is this header?
How is it used?
What do the values represent?