This article outlines the expectations of Content Filtering (CF) rules to fire on messages based on the Sender address and if the message is Internal bound, External bound, or from SMTP via an Internet (or internal SMTP) source.

Note:  The below information is assuming there are no user based inclusions or exclusions defined  under the "Users" tab inside the content filtering rule.  Additional granularity can be applied by defining specific subsets of senders or recipients to be included or excluded.

Key:  ( Y = Yes, expected to fire rule.   N = No, not expected to fire rule.)

MessageDirection:  Defines the direction the message is being sent.

• Internet - Mail is being sent to mailserver via SMTP.
• External - Mail is being sent externally to the internet.
• Internal - Mail is being sent from Internal user to Internal user.

Mailbox/Contact: Does the "From" address have an existing mailbox or external email address contact in Exchange?

InternalDomain:  Setting in SMSMSE under "Admin>System Settings"  In some circumstances internal domains are not treated as internal.  This setting allows manual definition.

Inbound, Outbound, Store (or a combination of) : These are the values enabled under "Apply rule to:" in the Content Filtering rule configuration.

Exchange 2010 - Forthcoming (likely different due to Microsoft VSAPI)

Exchange 2013 - Forthcoming (likely identical to 2016)

Exchange 2016