The definitive IT guide to deploying legal disclaimers at scale with Exclaimer

How it works:

• An email is sent from Microsoft 365 or Google Workspace.
• A mail flow rule routes the message to Exclaimer’s cloud service.
• Exclaimer adds the signature and legal disclaimer.
• The message is returned to the mail server and delivered to the recipient.

Why it works:

• Covers all devices and email clients, including mobile.
• Legal disclaimers are applied after the user sends the message.
• No configuration is required on the user’s machine.

Use case: When consistency and control matter more than showing the legal disclaimer to the sender before delivery.

How it works:

• Exclaimer integrates with Outlook or Gmail.
• The legal disclaimer appears in the message as it is being written.

Why it works:

• Shows the final result before the email is sent.
• Appears in Sent Items for consistency.

Use case: Showing users the full message, including legal text, improves confidence.

Use both server-side and client-side methods to:

• Guarantee legal disclaimers are applied across all platforms.
• Allow users to see what will be sent.
• Handle special cases, such as encrypted or mobile-sent messages.

Benefits:

• Preview in compose window (client-side)
• Enforcement across devices (server-side)

Before you connect mail systems, start by creating and securing your Exclaimer tenant.

1. Choose a region:
   Select your data location (UK, EU, or US) based on your organization’s compliance needs.
2. Verify domain ownership:
   Add the TXT record provided by Exclaimer to your domain registrar. This confirms you own the domain and allows mail routing to begin.
3. Assign user roles:
   Define who can manage templates, approve changes, or configure policy rules:
   • Admins: Full access
   • Approvers: Final sign-off for legal content
   • Designers: Build templates but cannot publish

To apply legal disclaimers correctly, Exclaimer needs access to user data from your organization’s Entra ID directory.

1. Sign in using global admin credentials.
2. Approve directory access scopes via Microsoft Graph:
   • User.Read.All
   • Group.Read.All
   • Directory.Read.All
3. Confirm attribute mapping for key user fields like:
   • Job title
   • Department
   • Office location

Troubleshooting tips:

• Run a manual sync after connection to check that data is visible in Exclaimer.
• Review any missing fields in user records—null values can cause placeholder issues.
• Use the Exclaimer dashboard to monitor sync status and timestamps.

Set up mail routing so that messages pass through Exclaimer’s cloud service. This is how Exclaimer applies legal disclaimers automatically.

1. Open Exchange Admin Center > Mail flow > Connectors.
2. Create a new outbound connector:
   • Name: To Exclaimer
   • Route email through smart host based on region:
     • smtp.eu.exclaimer.net for Europe
     • smtp.us.exclaimer.net for the United States
3. Set up a transport rule:
   • Condition: If the message header X-ExclaimerHostedSignatures-MessageProcessed does not exist or is not equal to true
   • Action: Redirect via the To Exclaimer connector
   • Exception: Skip if the email is encrypted or digitally signed
4. Update DNS records:
   • Add Exclaimer to your SPF record: include:spf.exclaimer.net
   • Enable DKIM signing in Microsoft 365 admin center
   • Monitor message headers for DMARC alignment

Troubleshooting tips:

• Check mail flow reports to ensure connectors are being triggered.
• Confirm smart host delivery is not being blocked by firewall or TLS settings.
• Verify header X-ExclaimerHostedSignatures-MessageProcessed is visible in processed mail.

Repeat the same tenant provisioning and domain validation process as described in the Microsoft 365 setup.

1. Connect Exclaimer to your Google account using the Admin SDK.
2. Grant OAuth permissions when prompted.
3. Sync fields from your organizational unit or user profile schema.

Troubleshooting tips:

• Run a manual sync after connection to check that data is visible in Exclaimer.
• Review any missing fields in user records—null values can cause placeholder issues.
• Use the Exclaimer dashboard to monitor sync status and timestamps.

1. Open Admin Console > Apps > Gmail > Routing.
2. Add a new content compliance rule:
   • Apply to outbound and internal-sending messages
   • Under Expressions, choose Advanced content match
   • Location: Full headers
   • Match type: Not contains text
   • Content: X-ExclaimerHostedSignatures-MessageProcessed
   • Route matching messages to Exclaimer’s smart host with TLS enabled
3. Update DNS records:
   • Add Exclaimer to your SPF record: include:spf.exclaimer.net
   • Turn on DKIM signing in the Google Admin console
   • Monitor reports to confirm DMARC alignment

Troubleshooting tips:

• Confirm the content compliance rule is scoped to the correct user groups.
• Check for missing SPF or DKIM records in your domain DNS.
• Ensure the X-ExclaimerHostedSignatures-MessageProcessed header logic is configured as 'not contains' to prevent duplicate routing.

• By department: Finance, HR, Legal, and Marketing may each require specific legal language.
• By region: Tailor legal disclaimers to meet regulatory differences in the EU, US, APAC, or other jurisdictions.
• By domain or recipient type: Limit disclaimers to external emails while suppressing them for internal traffic.

• Internal email threads that don’t require repeated legal text
• Signed or encrypted messages that must remain unaltered
• Replies and forwards to avoid duplication

Use the rule builder to target users by:

• Group membership
• Organizational unit (OU)
• Entra ID (Azure AD) or Google Directory attributes

Additional configuration tips:

• Prioritize rules to resolve overlaps and conflicts
• Preview live coverage to confirm the correct legal disclaimer applies for each user or use case

• Outlook on Windows and Mac (desktop and web)
• Gmail in Chrome and mobile browser
• iOS and Android native mail apps
• Third-party clients (e.g., Thunderbird, Samsung Mail)

• Placement: Legal disclaimer appears below the signature or at the end of the email.
• Formatting: No broken HTML or spacing issues across devices or thread views.
• Duplication: Legal disclaimers do not appear more than once in replies or forwards.
• Dynamic fields: Fields like {{displayName}}, {{email}}, and {{jobTitle}} display correct values.
• Legal content accuracy: Match regional disclaimer language to sender or recipient location.
• Click-through links: Test privacy policies and unsubscribe links for correct URL and accessibility.
• Sent Items stamping (if enabled): Confirm the legal disclaimer is visible in the sender’s Sent folder.

• Delivery status: Check if legal disclaimers were applied successfully or skipped based on rule logic.
• Directory sync events: Confirm that user data matches expected values and that syncs are current.

• Audit logs: View who changed what and when, including edits to legal disclaimer content, rule logic, and user access levels.
• Version history: Restore previous versions of templates instantly if changes introduce errors or legal conflicts.
• Sent Item stamping: Enable this to view the legal disclaimer exactly as it appeared in each user’s Sent Items folder.
• Policy TTLs: Set expiration dates for time-sensitive legal disclaimers, like temporary disclaimers for acquisitions or external campaigns.

• Routes and processes more than 20 billion emails each year.
• Built on Microsoft Azure, with 14 global datacenters for low latency and high availability.
• Scales with enterprise workloads, including hybrid and remote environments.

• ISO 27001 and SOC 2 certified.
• Fully GDPR-compliant with region-specific data processing.
• Offers configurable data residency in the UK, EU, or US

• Identity and security: Azure AD, Microsoft Intune, Conditional Access
• Endpoint and email protection: Mimecast, Barracuda, Microsoft Defender
• SIEM tools: Splunk, Microsoft Sentinel, LogRhythm
• ITSM tools: ServiceNow, Freshservice

• Click-through rates: Monitor engagement with banners or policy-related links embedded in disclaimers.
• Visibility trends: Review heatmaps that show where legal disclaimers are viewed most frequently—by client type, location, or department.
• Policy usage: See how often specific legal disclaimer templates are applied across teams or geographies.

Export reports by:

• User: Identify delivery gaps or missed disclaimers
• Domain: Spot external recipients most affected by legal messaging
• Policy rule: Confirm that targeting logic is functioning as intended

• Replaced fragmented Outlook signatures with a centrally managed solution.
• Automatically applied UK Companies Act disclaimers to all outbound emails
• Combined legal footers with campaign banners, driving over half a million link clicks to marketing content
• Built workflows between Legal and IT to standardize disclaimer compliance across departments
• Outcome: £6.1M in influenced revenue and more than 14,000 IT hours reclaimed for higher-value work

Read the full case study

• Standardized legal disclaimers across warehouse, mobile, and corporate email clients
• Achieved GLBA compliance by applying consistent legal language to all outbound communications
• Eliminated dependence on local email client signatures through centralized server-side enforcement
• Reduced legal support and IT overhead by preventing signature gaps between field and HQ users

Read the full case study

• Enabled IT to take full ownership of legal disclaimer application through automated policy rules
• Gave Marketing autonomy to manage promotional elements without affecting legal compliance
• Adopted a quarterly review cadence, where Legal teams could approve or update disclaimer templates using Exclaimer’s role-based controls
• Improved collaboration between compliance, brand, and IT by centralizing disclaimer ownership

Read the full case study