Troubleshooting Email Signature Server Related Issues

Templafy's Email Signature Server supports the stamping of signatures on encrypted emails. However, Email Signature Server currently does not support the stamping signatures on emails that are encrypted prior to being processed by the Email Signature Server. If the email is encrypted before it reaches the Email Signature Server, the email will not be processed or stamped by the Email Signature Server and will be sent on to the final recipient without a signature being appended by the Email Signature Server.

If there are customized MIP encryptions in your environment, an additional mail flow rule will need to be added to your Templafy mail flow rule. 

1. Navigate to https://admin.exchange.microsoft.com/.
2. Go to Mail flow, then Rules.
3. Click Add a rule, then Create a new rule.
   
   • Name: msip_labels bypass ESS.

   • Under the Apply this rule if section:

     • Click the Select one dropdown and select: The message headers....
     • Click the next Select one dropdown and select: includes any of these words.
       • Click the first Enter text and set the header name to msip_labels.
       • Click Save.
       • Click the second Enter text and set the value to true.
       • Click Save.
     • Click the + button to add another condition.

     • Select The sender then click the next Select one dropdown and choose: is internal/external.

       • Select sender location will show Inside the organization in the dropdown.

       • Click Save.

   • Under the Do the following section.

     • Select Modify the message properties followed by set a message header.
       • Click the first Enter text and set the header name to x-processedbytemplafy OR x-unsupportedformatbytemplafy (see below).
       • Click Save.
       • Click the second Enter text and set the value to true.
       • Click Save.
4. Save the newly created rule.
5. Move the rule to a higher priority than the existing Templafy mail flow rule and enable the rule.

When email is routed through Templafy's Email Signature Server, the server will append the user's Templafy signature to the email if a Templafy signature has not yet been applied previously. In the scenario that a signature is not stamped on an email, there could be a few likely causes as listed below.

The user is not in the scope of the Email Signature Server mail flow rule

It may be beneficial to check the user's email to see if the Email Signature Server has actually processed the email. To do this, the headers in the email will need to be evaluated.

1. Open the relevant .eml file.
2. Click File and Properties.
3. Copy the Internet Headers and paste into an Email Header Analyzer.
4. Search for Templafy-EmailSignatureServer-Processed = true.

If the email has not been processed by the Email Signature Server, check to ensure that the user is in the scope of the mail flow rule.

1. Navigate to https://admin.exchange.microsoft.com/.
2. Go to Mail flow, then Rules.
3. Find the Templafy mail flow rule, likely named: templafy email signatures.
4. Check to see if the user if included in the Apply this rule if section.

The user does not have a valid signature assigned

If a user does not have a valid signature associated to their email address in their Templafy Tenant, the Email Signature Server will not register that there is a signature assigned to the user.

1. Navigate to the Templafy Admin Center.
2. Select the Email Signatures section and then the Signatures tile.
3. Select the relevant signature and ensure that the user is in the scope of the signature.

The user does not have a complete User Profile

If a user is missing a required field in their User Profile, the Email Signature Server will not stamp a signature as the profile will not be considered complete. Ensure that the user has a complete and valid profile.

A previous Templafy signature was manually deleted

If a user composes an email via the Outlook Client or the Outlook Web Application with the Templafy Email Signature Add-In enabled and a valid email signature, a signature will be stamped at the bottom of the email prior to sending. In the occasion that the email signature is manually deleted by the user, it is likely that not all HTML table elements were deleted. If this is the case, the Email Signature Server will recognize these elements as the user's Templafy signature and will not stamp another signature. To avoid this, we strongly encourage that email signatures are not modified within the email to ensure that email signatures get stamped appropriately.

If emails that are being routed through Templafy's Email Signature Server are going to spam, it is likely that your SPF record does not include your Templafy Inbound Connector IP Address / certificate.

To check that your SPF record is valid, use the form at SPF-Record Lookup to search for all domains that are routed through your Email Signature Server's mail flow rule with the appropriate Inbound Connector IP Address.

Messages that are processed by Templafy's Email Signature Server are currently unable to be recalled due to Microsoft's inability to recall messages that have been routed outside of the Microsoft 365 organization. Microsoft is currently working to enhance the recall feature and can be monitored on the following Microsoft 365 blog.

In the meantime, it is recommended that the email traffic through the Email Signature Server is optimized to exclude emails that have already been processed by Templafy’s VSTO and/or Web Add-In to reduce and mitigate recall failures. With this configuration, mail will only be processed by the Templafy Email Signature Server if necessary. The Email Signature Server traffic will then consist of users in the scope of the Email Signature Server mail flow rule that are sending from devices that do not have the VSTO or Web Add-In enabled.

To make this adjustment, please follow the steps below:

• Navigate to https://admin.exchange.microsoft.com/.
• Go to Mail flow, then Rules.
• Find the Templafy mail flow rule, likely named: templafy email signatures.
• Edit the conditions of rule:
  • Change the header name in the exception from X-UnsupportedFormatByTemplafy] to [X-ProcessedByTemplafy.

In addition to optimizing the traffic through the Email Signature Server, it is also recommended to add a new mail flow rule in your Exchange Admin Center that will keep recalled messages from being processed by the Email Signature Server.

1. Navigate to https://admin.exchange.microsoft.com/.
2. Go to Mail flow, then Rules.
3. Click Add a rule, then Create a new rule.
   
   • Name: Exclude Microsoft recall messages from ESS by Subject.

   • Under the Apply this rule if section:

     • Click the Select one dropdown and select: The subject or body.
     • Click the next Select one dropdown and select: includes any of these words.
       • Click the Enter text and set the value to Recall:.
     • Click the + button to add another condition.

     • Select The sender then click the next Select one dropdown and choose: is internal/external.

       • Select sender location will show Inside the organization in the dropdown.

       • Click Save.

   • Under the Do the following section.

     • Select Modify the message properties followed by set a message header.
       • Click the first Enter text and set the header name to Templafy-EmailSignatureServer-Processed
       • Click Save.
       • Click the second Enter text and set the value to true.
       • Click Save.
4. Save the newly created rule.
5. Move the rule to a higher priority than the existing Templafy mail flow rule and enable the rule.

When an email gets sent to a Distribution List (DL) and the message gets routed outside of Exchange Online, Microsoft breaks down the message into separate emails for each recipient. Microsoft has set a limit on these recipient emails in Exchange Online Connectors which could be hit while sending emails to large DLs that go through Templafy Email signature server.

Templafy's Email Signature Server is able to detect signatures that are stamped by Templafy's VSTO Add-In or Web Add-In, but not by Outlook's native signature. To ensure that there is only a single Templafy signature stamped on your emails, ensure that the native Outlook signature has been disabled and that only the Templafy signature is being used. 

When a Shared Calendar invite is sent from the Outlook Web Application and is processed by Templafy's Email Signature Server, it may interfere with the Accept button that is displayed in the Outlook Client.
In order to mitigate this issue, there are two solutions that can be implemented:

If using Templafy's Web Add-in for the Outlook Web Application: Ensure that Templafy's Email Signature Server does not process mail that has already been processed by Templafy's Web Add-in for the Outlook Web Application.

• Navigate to https://admin.exchange.microsoft.com/.
• Go to Mail flow, then Rules.
• Find the Templafy mail flow rule, likely named: templafy email signatures.
• Edit the conditions of rule:
  • Change the header name in the exception from X-UnsupportedFormatByTemplafy] to [X-ProcessedByTemplafy.

If not using Templafy's Web Add-in for the Outlook Web Application: Add an additional mail flow rule in Exchange Online to detect Shared Calendar invites based on the message header.

1. Navigate to https://admin.exchange.microsoft.com/.
2. Go to Mail flow, then Rules.
3. Click Add a rule, then Create a new rule.
   
   • Name: Share Calendar Emails Bypass ESS.

   • Under the Apply this rule if section:

     • Click the Select one dropdown and select: The message headers....
     • Click the next Select one dropdown and select: matches these text patterns....
       • Click the first Enter text and set the header name to X-MS-SuggestedSharingAction
       • Click Save.
       • Click the second Enter text and set the value to \w*.
       • Click Save.
     • Click the + button to add another condition.

     • Select The sender then click the next Select one dropdown and choose: is internal/external.

       • Select sender location will show Inside the organization in the dropdown.

       • Click Save.

   • Under the Do the following section.

     • Select Modify the message properties followed by set a message header.
       • Click the first Enter text and set the header name to Templafy-EmailSignatureServer-Processed
       • Click Save.
       • Click the second Enter text and set the value to true.
       • Click Save.
4. Save the newly created rule.
5. Move the rule to a higher priority than the existing Templafy mail flow rule and enable the rule.

If emails are not being delivered successfully (the sender receives an NDR [Non-Delivery Report] email) when being routed through the Email Signature Server, we recommend that you disable the Templafy Email Signature Server mail flow rule in the Exchange Admin Center to not further disrupt mail flow.

If the most up to date email signature (reflecting current User Profiles and email signature templates) is not rendering, ensure a synchronization has occurred.

.eml files are e-mail messages saved by a mail client. These files contain the body content of an e-mail along with the subject, sender, recipient(s), date, and attachments.

1. Open your mail client Outlook Online or Gmail web application.
2. Create a new message.
3. Drag the e-mail that requires attention into the new message.
4. The dragged e-mail will be added as an .eml attachment and can be downloaded or forwarded from there.

It is a known limitation of Apple Mail that images cannot be rendered properly within a signature. In order to prevent an image showing up as code (ex. <image1.png>), you can include the images as attachments following the steps below:

• Settings --> Mail --> Include Attachments with Replies --> Always.

Templafy Signature Server doesn't have any size limit for messages, but it is recommended to set an exception rule to omit message size >150MB to comply with the size limit of Exchange Online.

In order to diagnose the origin of a mail flow issue (occurring from ESS or Exchange Online), ESS can be skipped in the mail flow of a specific message. Just add [--essTemplafy:skip] at the end of the subject of the email. This text will be automatically removed on the recipient side and in the senders' sent items.

For Templafy's Client-Hosted Email Signature Server solution, certificates are used for authentication purposes in Azure Kubernetes Service (AKS). If not using an RBAC-enabled cluster, the certificate auto-rotation feature will not be enabled and will require manual rotation of certificates.

If the cluster certificate expires, this will cause the service to fail. The error for an expired certificate can be seen as the following error:

To resolve this issue, the cluster certificates will need to be manually rotated. To avoid any disruption in the mail flow, Templafy recommends that the Templafy Email Signature Server mail flow rule be temporarily disabled in the Exchange Admin Center. Once the certificates are successfully rotated and the cluster is up and running again, the Templafy Email Signature Server mail flow rule can be re-enabled to allow traffic to flow through the server as normal.