The Outbound Token is a unique, automatically generated token added to the email header. It adds an additional layer of security by:
- Uniquely identifying and authenticating legitimate outbound traffic from your cloud-based email solution
- Acting as a preventative measure, ensuring only authenticated and authorized traffic is processed
- Mitigating the risk of being blocked/added to a denylist by major email providers by providing a reliable method for distinguishing legitimate traffic from potential malicious activities
Informational Notice
Disclaimer: While we provide step-by-step instructions for third-party platforms, email providers (such as Microsoft and Google) update their interfaces and protocols frequently. We recommend consulting your email provider's official documentation for the most up-to-date navigation and configuration steps.
Prerequisites
Ensure that outbound mail flow has been configured with VIPRE for your chosen cloud-based email solution.
Phase 1: Retrieve your Outbound Token
Before configuring your email environment (Microsoft 365, Google Workspace, or another provider), you must retrieve your unique account token from the VIPRE Email console.
- Log in to the Email Security Cloud web console
- From the left-side menu, click Service Settings
- Select Outbound Relay
- Locate the Outbound Email Token field and copy the value
- Note: This token is unique to your specific account
Phase 2: Implementation
Follow the specific instructions below for the email environment in use with your organization.
Microsoft 365 Implementation -
Perform the following steps from the Exchange Admin Center to add the token to your Microsoft 365 email headers.
- Log in to the Exchange Admin Center
- In the left-hand navigation, expand Mail Flow and select Rules
- Click +Add a rule and select Create a new rule
- Configure the rule settings:
  - Name: VIPRE Outbound token
  - Apply this rule if: The Sender - is external/internal - Inside the organization
  - Do the following: Select Modify the message properties > set a message header
- Set the message header details:
  - Message Header: X-Vipre-Tenant-Key
  - Value: Paste the token retrieved in Phase 1
- Click Next. On the Set rule settings page, set the Rule mode to Enforce
- Click Next to Review the settings and click Finish; you will see a green notification that the transport rule was created successfully
- Important! Once saved, the rule is disabled by default; select the rule from the list and toggle the Status to Enabled
Google Workspace Implementation -
Perform the following steps from the Google Admin Console to add the token to your Google mail headers.
- Log in to the Google Admin Console
- Navigate to Apps > Google Workspace > Gmail > Compliance
- Scroll down to the Content compliance section and click Configure (or Add Another Rule if you already have existing rules)
- Set the Name: VIPRE Outbound Token
- Email messages to affect: Check both Outbound and Internal - Sending
- Add expressions:
  - Select “If ANY of the following match the message” from the dropdown
  - Click Add and choose Advanced content match
  - Location: Full headers
  - Match type: Not contains text
  - Content: Enter a random string (e.g., notcontained) to ensure the rule applies to all messages, or select “Check all messages” if that option is available in your region
- Actions:
  - In the “Headers” section, check Add custom headers
  - Click Add
  - Header name: X-Vipre-Tenant-Key
  - Value: Paste the token retrieved in Phase 1
- Click Save at the bottom of the dialog
Other Email Cloud Providers Implementation -
If your organization uses a provider other than Microsoft or Google, the logic remains the same. You must create a “Compliance Rule” or “Transport Rule” that affects all outbound mail.
- Locate your provider's Mail Flow or Compliance settings
- Create a rule that triggers for all outgoing messages
- Select the action to Add a Custom Header
  - Header name: X-Vipre-Tenant-Key
  - Value: Paste the token retrieved in Phase 1
- Ensure the rule is Saved and Enabled
Phase 3: Verification
For security purposes, VIPRE Email strips the authentication token from the header before the email is delivered to the final recipient. Therefore, you cannot verify the token by checking the headers in the recipient's inbox.
To confirm the rule is successfully injecting the token, you must verify it on the sending side using your provider's diagnostic tools.
Microsoft 365 Verification -
Use the Message Trace tool to confirm the rule is working.
- In the Exchange Admin Center, go to Mail Flow > Message trace
- Run a trace for a recently sent outbound message
- Click on the message in the results to view the details
- Look for the Message Events or Protocol details; if the rule is working, you will see an event indicating that the “VIPRE Outbound Token” rule was applied and the header was set
Google Workspace Verification -
Use the Email Log Search tool to confirm the rule is working.
- In the Google Admin Console, go to Reporting > Email Log Search
- Search for an outbound email sent after the rule was implemented
- Click the subject of the email to see the details
- Under the Post-delivery details or Recipients section, look for the compliance rule execution logs; it should show that the Content Compliance rule was triggered and the custom header was added
Other Email Cloud Providers Verification -
If your organization uses a provider other than Microsoft or Google, follow this general logic for reviewing outbound logging.
- Locate your provider's Message Trace, Email Logs, or Delivery Reports section
- Identify a message sent after your new mail flow rule was enabled
- View the Extended Details or Event Logs for that specific message
- Look for an entry indicating that your custom “Compliance Rule” or “Transport Rule” was successfully triggered; most enterprise-grade logging will explicitly list the “Header Added” event and the header name (X-Vipre-Tenant-Key)
Considerations
When creating or modifying email rules, keep the following in mind.
- Propagation Delay: Changes to your email configuration can take up to 72 hours to take effect
- Rule Conflict: Ensure no other transport rules are stripping custom headers or bypassing the outbound relay
- Rule Priority: Verify the VIPRE Outbound Token rule is high enough in your list that it isn't being superseded by another rule that “stops processing” further rules
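For Microsoft 365, the rule from Phase 2 and the Rule Conflict and Rule Priority checks above can also be scripted in Exchange Online PowerShell. This is an added example, not a VIPRE-supplied script; it assumes the ExchangeOnlineManagement module is installed, an Exchange administrator account, and the rule name used in Phase 2.

```powershell
# Added example: create the token rule if missing, then audit for conflicts.
Connect-ExchangeOnline

$ruleName   = 'VIPRE Outbound token'
$headerName = 'X-Vipre-Tenant-Key'

$rule = Get-TransportRule | Where-Object Name -eq $ruleName
if (-not $rule) {
    # Prompt for the token so it is never stored in the script or source control.
    $token = Read-Host 'Paste the Outbound Email Token from Phase 1'
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SetHeaderName $headerName `
        -SetHeaderValue $token `
        -Mode Enforce `
        -Enabled $true | Out-Null
    $rule = Get-TransportRule | Where-Object Name -eq $ruleName
}

# Status: the rule must be enabled and enforcing, not in an audit-only mode.
if ($rule.State -ne 'Enabled' -or $rule.Mode -ne 'Enforce') {
    Write-Warning "'$ruleName' is State=$($rule.State), Mode=$($rule.Mode)"
}

$others = Get-TransportRule |
    Where-Object { $_.State -eq 'Enabled' -and $_.Name -ne $ruleName }

# Rule Conflict: another enabled rule removes the same header.
$others | Where-Object { $_.RemoveHeader -eq $headerName } | ForEach-Object {
    Write-Warning "Rule '$($_.Name)' removes $headerName"
}

# Rule Priority: a lower priority number is evaluated first, so an earlier rule
# that stops processing can prevent the token rule from running on matching mail.
$others |
    Where-Object { $_.StopRuleProcessing -and $_.Priority -lt $rule.Priority } |
    ForEach-Object {
        Write-Warning "Rule '$($_.Name)' (priority $($_.Priority)) stops processing before '$ruleName' (priority $($rule.Priority))"
    }

# Summary of the token rule without printing the token value itself.
$rule | Select-Object Name, State, Mode, Priority, SetHeaderName
```

No warnings means the rule is enabled, enforcing, and not preceded by a rule that removes the header or stops processing; the checks do not cover mail that bypasses the outbound relay.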
Carlos Rios