Phishers often masquerade as internal users. You can visually tag email from outside your org, & here’s some solid HTML code to implement that on the first try.

You accomplish this by pasting HTML code into a transport (aka "mail flow") rule that ends up looking like the figure below. (Scroll down for the code.) Note that the "Inside the organization" condition may be superfluous for your org. Check this link for more info, particularly the "UserScopeTo" and "UserScopeFrom" details.

I've read a number of forum posts from admins who've tried to configure a prepended HTML disclaimer in this way, but instead ended up with a plain text disclaimer. The goal is to provide something with some visual punch:

In addition to posts from people having trouble getting this working, I've seen a number of blog posts with HTML that just doesn't work -- I know because I tried the code myself. The code below works for me every time, just like it did the first time.

<div style="padding:2pt;border:1pt solid #9C6500;"> <div style="background-color:#FFEB9C;margin:0;"><font face="Calibri,sans-serif" size="2"><span style="font-size:11pt;background-color:#FFEB9C;"><font size="2" color="#9C6500"><span style="font-size:10pt;"><b>CAUTION:</b></span></font><font size="2" color="black"><span style="font-size:10pt;">  External Sender</span></font></span></font></div>

Check the code for extraneous line feeds etc., after you copy/paste.