Intelligent External Email Tagging
Currently the system blindly applies an “[External]” tag to an email subject and a notification in the message body. If the email is forwarded or replied to only internal email addresses, the message is again tagged as external, repetitively causing tagged to be applied, resulting a perpetual situation like this with the subject:
[External] RE: [External] RE: [External] Message Subject
This is for a message that was originally from an external source that got replied to internally multiple times. At this point it is an internal email, but an "[External]" tag is incorrectly applied. The best way to defeat security is with false positives, causing people and systems to ignore alarms, even when they're real.
The sender can remove the tag, but it causes Outlook to see it as a separate message thread.
The corrective action is to have the system intelligently apply External tagging and notification, preventing it from being incorrectly and perpetually being reapplied and Outlook maintaining correct message threading.
The "[External]" subject tag is being applied deliberately via an exchange Office 365 transport rule as per US-CERT best practices. However the problem, as stated, is that functionality should exist to allow it to also strip the "[External]" subject tag on email being replied to and directed out side of the organization.