Conditions and exceptions

Signature rules let you design your signatures, specify when to add them to emails sent by your organization and which users should get them. The signature-adding algorithm is based on conditions and exceptions, defined individually for each signature rule. Conditions are circumstances that need to be fulfilled to trigger a signature rule and add a related signature. Exceptions are the exact opposite – when they are met, your signature will not be added. This article explains how it all works. Read on or use the links below to navigate.

Defining conditions and exceptions for a signature rule

Conditions and exceptions are defined in the Manage Signatures App on the Senders, Recipients and Keywords tabs, with additional settings available on the Options tab.


Keep in mind that the Recipients and Keywords tabs are available for server-side signature rules only. As for client-side signature rules, only the Senders tab is available, where you define which users should have access to a specific signature. These users can then choose different signatures depending on the recipients of their emails directly in Outlook. Learn more about signature modes

To configure conditions and exceptions for a signature rule, launch the Manage Signatures App, log in to your tenant, and select your signature rule from the list or create a new one: either server-side or client-side. The Overview tab allows you to name your rule and add an optional description. When you're finished, proceed to the Senders tab.


The Senders tab lets you specify users to whom your signature rule will be applied (Fig. 1.). If you are configuring a server-side signature rule, the top list (Add signatures to emails...) allows you to define conditions by choosing senders whose emails will be stamped with your signature. The bottom list (Do not add signatures to emails...) allows you to add exceptions – users who will not get the signature. As for client-side signature rules, the Senders tab is where you define users that will have access to the signature from Outlook.

The Senders tab with 1 condition and 1 exception configured.
Fig. 1. The Senders tab with 1 condition and 1 exception configured.

The program allows you to define the Senders conditions and exceptions in many ways: you can add all or individual users, members of selected groups in your organization, or set custom filters based on Azure AD attributes.


The scope of users who can get signatures might also be limited during the configuration of connectors. Learn more

If you add multiple different senders on the conditions list (the top list in Fig. 1.), they are all connected by the OR logical operator; exceptions on the bottom list work in the same way. In the example shown in Fig. 1. we configured the rule to add signatures to emails sent by our IT guys, excluding the managers. The software knows when to add signatures because we added an Azure Active Directory filter condition to check if the sender's Department field in Active Directory is equal to IT – see Fig. 2. for detailed configuration. In a similar way, an exception to the rule was defined: if the user's Title in AD contains the value Manager, the rule is not triggered.

Azure AD filter options.
Fig. 2. Azure Active Directory filter options.

Thanks to all these user configuration possibilities, you can apply your signature rule to a group of users and exclude one or more users at the same time, for example:

  • add a signature to the whole IT department except for the manager whose signature is covered by a different rule (this is the example above);
  • add a legal disclaimer to all company emails except for the emails of employees from a foreign site, because different laws apply there;
  • add signatures with marketing banners to the whole Customer Support department but not to emails sent by people from other departments, etc.


  1. Remember to define at least one user in the conditions field (the top list). If you leave this section empty, signatures will be added to all users specified in the connectors wizard (learn more). The program will notify you about that (and automatically add the All senders condition to the top list) when you submit your changes via the Save (ESIG for O365 rule save) button or when you close it.
  2. If you add members of a group that has other group(s) nested inside, emails sent by members of the nested group(s) will also meet your condition/exception.
  3. If you would like to create a rule, but do not want to apply it to any users, you can temporarily disable it via the switch (ESIG for O365 rule switch) button.
  4. User AD field (see Fig. 2.) includes only the most common AD attributes such as First/Last name, Company, Department, E-mail, Phone, etc. Custom attributes are not available in the Azure AD filter.
  5. If you have multiple domains added to your Microsoft 365 tenant (e.g.,, etc.), the user and group pickers used in the program will list mailboxes/groups with email addresses from all these domains (Fig. 3.).

The user picker shows the primary email addresses (mailboxes) for all domains added to your tenant.
Fig. 3. The user picker shows the primary email addresses (mailboxes) for all domains added to your tenant.

  1. You can define conditions and exceptions based on the primary email address only. This means the pickers will not show email aliases. The Azure AD filter option (see Fig. 2.) also does not support aliases. Learn more about using email aliases with CodeTwo Email Signatures for Office 365


The Recipients tab (Fig. 4.) is only available for server-side signature rules. Here, you need to choose if you want to add your signature to emails sent to everyone or to specific people only. This selection is made on the top list of the Recipients tab. You can also add exceptions - if an email is sent to recipients specified on the bottom list, the rule will not be applied, and the signature will not be added. On the conditions list, you can select:

  • all recipients or internal/external recipients only (an email direction-based condition),
  • members of specific groups (Office 365 groups, distribution lists, security groups and mail-enabled security groups) in your organization,
  • specific email addresses.

The exceptions are limited to group members and email addresses. When using the email address filter, you can use asterisks (*) as wildcards that substitute one or more characters. This allows you to create, for example, conditions/exceptions that apply only when emails are sent to specific domains. For instance, if you select the Email addresses option on the top list and type **, the rule will apply only to emails sent to email addresses that include (,, and so on).

ESIG O365 conditions - recipients
Fig. 4. The Recipients tab. Here, the rule applies to emails sent to anyone.


  1. To be able to add signatures to internal emails, make sure that the option Apply signatures also to internal messages has been selected during the configuration of Exchange Online connectors. Otherwise, internal emails will not pass through CodeTwo services. Learn more
  2. If you send an email to multiple recipients (associated with different rules), each recipient will get your email with the right signature. See this section to learn more.
  3. Remember to define at least one condition on the top list. If you leave this section empty, the rule will apply to emails sent to any recipient. The app will notify you about that (and automatically add the All recipients condition to the top list) when you submit your changes via the Save (ESIG for O365 rule save) button or when you close it.


The Keywords tab (Fig. 5.) allows you to define specific phrases that will trigger or suppress your server-side signature rule (the tab is unavailable for client-side signature rules). This option is very useful e.g. when you want to apply an additional signature only to selected recipients or if you want to quickly remove the default signature of your company from a private message. The latter is shown in Fig. 5.: if the program finds the #nosignature phrase in the email subject or body, the signature will not be added and the phrase itself will be removed from the message. The asterisks surrounding the keyword phrase are optional, but here they ensure the rule will be triggered even if any characters (letters or signs) directly precede or follow the phrase, so phrases such as (#nosignature) or -#nosignatures will all work.

ESIG O365 conditions - keywords
Fig. 5. The Keywords tab available for server-side signature rules.

You can add one or more keywords. By default, they are connected via the OR logical operator.

When adding or editing a keyword (Fig. 6.) you can define where to search for the phrase and decide if the program should remove it from the message.

Keyword configuration options.
Fig. 6. Keyword configuration options.


You can insert your keyword anywhere inside the message title or body. An asterisk (*) may be used as a wildcard character. Add it before and/or after the phrase to make sure that your keyword is always found (see Fig. 6.).

For more information about how to use keywords to force or suppress signature rules, check this Knowledge Base article.


On the Options tab (Fig. 7.) you can:

Rule processing settings for server-side signature rules

If you use many signature rules in your Office 365 organization, it is important to manage how they are executed. You can do this in the Options tab, in the Rules that follow this rule section (see Fig. 7.).

When setting up the processing of multiple rules, remember:

  • The settings are configured for each rule separately.
  • The rules are applied in the order they are placed on the list in the left column (see Fig. 7.), from top to bottom.
  • If several signatures are to be added by different rules, they will be added top to bottom in the same order as the rules that govern them.

This is important if you want to add several signatures in a specific order. The order of rules can be changed using the arrow buttons in the menu on the left. For each rule you also need to decide what happens if it is applied or not.

ESIG 365 conditions - options - server-side v3
Fig. 7. The Options tab available for server-side signature rules.

If you select the option If this rule is applied > Go to the next rule, our software will check if the conditions of the signature rule are met, and if they are, it will add a signature defined by the rule and move to the next rule (the one directly below it on the list). If you select If this rule is applied > Stop processing next rules, our software will check if the conditions of the signature rule are met, and if they are, it will not process any more rules.

When it comes to the If this rule is not applied column, the case is similar. Our software checks if the conditions of the signature rule are met, and if they are not, it moves to the next rule or stops processing any other rules depending on the choice you made.

For each signature, the process of checking if the conditions of the signature rule are met continues until the program reaches the final signature rule (at the bottom of the list) or until the condition to stop processing next rules is met.

Outlook signature adding options for client-side signature rules

There are three options available (Fig. 8.):

  • Set this signature as default for new messages

When this option is enabled, the signature defined in this rule is automatically added to the body of each new email created in Outlook. If the option is enabled in multiple client-side signature rules, each of which is used to set up a different signature for the same user, the signature defined in the first rule (that is, the rule that is on the top of the client-side signatures list in the SIGNATURE RULES section) will be used as the default one in Outlook.


Keep in mind that users can change the default signature settings as well as edit the signature contents in Outlook. However, their changes will be overwritten with the settings that are configured in the Manage Signatures App each time the application syncs with the CodeTwo Signatures Add-in for Outlook. The synchronization will take place only if the user is logged in in the Outlook add-in.

  • Set this signature as default for replies and forwards

This option works similarly to the previous one, only the signature is automatically added to replies and forwards. 

  • Remove all user-defined signatures in Outlook

If you enable this option, all user-created signatures will be deleted from Outlook. The program will delete the signatures only of those users who fulfill the conditions specified in the signature rule, have installed the CodeTwo Signatures Add-in in Outlook, and are logged in in that add-in. The user-created signatures are removed each time the Manage Signatures App syncs with the Outlook add-in.


The CodeTwo Signatures Add-in for Outlook deletes all user-defined signatures from all email accounts and profiles configured in Outlook, not only from the account logged in in the add-in.

ESIG 365 conditions - options - client-side v3
Fig. 8. The Options tab available for client-side signature rules.


​The Scheduler is configured separately for each signature rule (both server-side and client-side). It allows you to manage the activity of a rule by selecting time ranges and recurrence patterns. You can create daily, weekly, monthly or custom patterns (Fig. 9.). If you turn the Scheduler on for your rule, a small icon appears next to the rule's name (see Fig. 8.). This icon shows if the rule is currently active (ESIG for O365 scheduler button ON) or not (ESIG for O365 scheduler button PAUSE).


If the Scheduler is off or is not yet configured for a signature rule, this rule will be active continuously (without any time limits).

The Scheduler's activity is based on your local time zone.

The Scheduler.
Fig. 9. Configuration of the Scheduler.

Understanding conditions and exceptions

As described above, the Senders, Recipients and Keywords tabs let you set conditions (or exceptions) that need to be fulfilled by a message to trigger (or suppress) a rule and add (or exclude) an email signature. Apart from conditions and exceptions, you can specify when a signature rule should be active by using the Scheduler available on the Options tab.

To manage email signatures efficiently, it's important to understand how conditions and exceptions are related.


Conditions can be defined on the top lists of the Senders, Recipients and Keywords tabs.


The relation between the Senders, Recipients and Keywords conditions is logical conjunction (the AND logical operator). This means that all these conditions must be fulfilled to trigger a rule and add a corresponding signature.

To better understand that, imagine the following scenario for a server-side signature rule: a company has a new product named XYZ and would like to add a dedicated signature to selected emails sent by the marketing team outside the organization. Let us assume that we already created a new signature rule and designed the signature template for this rule, and we only need to define the conditions for when this template is added.

First, we select this rule on the rules list and go to the Senders tab. We add the Marketing group as the condition (top list), with no other conditions or exceptions (Fig. 10.). This means that our signature will be added only to emails sent by the employees working in Marketing.

ESIG 365 conditions - senders v3
Fig. 10. The Senders tab with one condition.

After that, we need to specify the email recipients to whom this rule will apply. We want our signature advertisement to be added to emails sent outside the organization. To do that, we switch to the Recipients tab and add External recipients to the top list (Fig. 11.).

ESIG 365 conditions - external recipients v3
Fig. 11. Configuration of the Recipients condition: here, the rule applies to external emails only.

Finally, we define a Keyword condition (upper list on the Keywords tab) for email subjects by adding the XYZ phrase (the name of our product), as shown in Fig. 12. We set the keyword phrase not to be removed because we assume that our advertising emails always contain (and should contain) the name of the product advertised.

ESIG 365 conditions - keywords v3
Fig. 12. The Keywords tab with one Keyword condition.

With this configuration, our signature will be added only to emails which simultaneously fulfill all three conditions:

  • are sent by the Marketing team
  • and are sent to users outside the organization
  • and contain XYZ (product name) in the message subject.


Exceptions (the bottom lists on the Senders, Recipients and Keywords tabs) are connected via the OR logical operator (logical disjunction). In other words:


If you define multiple exceptions, a signature rule is suppressed for each exception individually.

The following example will help you understand how exceptions are processed by the program. Let us modify the server-side signature rule described in the previous example. On the Senders tab, we add an exception (the bottom list) by creating an Azure AD filter, as shown in Fig. 13. This will exclude users whose job title contains the word Manager (our search algorithm is case-insensitive) from having their emails stamped with the associated signature.

ESIG 365 exceptions - senders v3
Fig. 13. Adding an exception to email senders.

Now, let's assume that we have a separate email marketing campaign for Canada, so we need to make sure our current rule does not apply to emails sent to the .ca domain. To do that, we go to the Recipients tab, choose the Email addresses option on the bottom list (exceptions) tab and type *.ca as the email address (Fig. 14.). The wildcard (*) character ensures that all email addresses ending with .ca will trigger our signature rule.

ESIG 365 exceptions - recipients v3
Fig. 14. Defining a new Recipients exception.

We can also create an exception that stops the rule from being applied when a specific phrase is typed in an email. We can do so on the Keywords tab, as shown in Fig. 15. With this configuration, every email which contains the nosignature phrase in its body or subject will not receive the signature, and the phrase itself will be removed from the message.

ESIG 365 understanding exceptions - keywords v3
Fig. 15. Defining a keyword exception.

With these 3 exceptions and the previous 3 conditions combined, our rule will:

  • add the signature only to emails that are sent by Marketing to external addresses and contain the XYZ phrase in the message subject,
  • not add the signature in 3 cases:
    • if an email is sent by a user whose job title contains the word manager (case-insensitive)
    • if an email is sent to an email address in the Canadian (.ca) domain
    • if the nosignature phrase is found in the message subject or body.

Frequently asked questions

Adding signatures to messages sent by delegates (Send As / Send on Behalf permissions)

Sometimes a user or a group of users have permission to send messages as other users or on their behalf. These users are referred to as delegates (see this Microsoft article for more information on delegate permissions). To find out how the software handles emails sent as / sent on behalf of another user, read this dedicated article.

What if an email is sent to multiple recipients to whom different server-side rules apply? (Message splitting)

The software comes with a message splitting (bifurcation) capability: when you send an email to multiple recipients, and different signature rules apply to these recipients, the software makes sure each recipient gets your email with the right signature version. To do so, the message is split into several identical copies. The number of these copies is equal to the number of different rules that apply to the recipients of your message. Each copy is processed by each related rule and sent only to the recipient(s) that match this rule.

Example: You send an email to 4 recipients to whom 3 different signature rules apply. The software creates 3 instances of this message, and each instance is stamped with a different signature and is sent to the recipient(s) who should see this particular signature (Fig. 16.).

ESIG 365 - message splitting (bifurcation) diagram
Fig. 16. How message splitting works.


  • Email headers: The email header is not changed – the recipients listed in the To or Cc fields of the original message will be included in every email copy after splitting. Only the body of each email copy differs (it includes a different signature) as a result of processing by different rules.
  • The Sent Items folder: Only one email copy will be visible in your Sent Items – it will be the one that was processed last by CodeTwo Email Azure Service. Learn more

What happens if an email is sent to two recipients, and one recipient meets the condition while the other meets the exception of the same server-side signature rule?

In this case, each recipient will get the right version of the message, because the message splitting will occur.

Example: On the Recipients tab, you add one condition ( and one exception ( If you send an email to both A and B, the email will be split into two copies, and recipient A will get the copy with the signature while recipient B will get the copy without the signature. See this section for additional info and important notes.

Can I transfer my on-premises signature rules to CodeTwo Email Signatures for Office 365?

Yes, we have a dedicated tool that allows you to easily move all email signature or disclaimer adding rules defined in the CodeTwo Exchange Rules family of products, together with signature templates configured in these rules. The entire process is completely automatic, and your rules will become available in the Manage Signatures App as server-side signature rules. Learn more about the CodeTwo Exchange Rules Converter

See next

Signature template editor and library - after you specify all the conditions and exceptions for your signature rule, it's time to design it. Read this article for an overview of the built-in signature editor and signature template library.

Was this information useful?