diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example
index 56814a0..d98f91f 100644
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
@@ -31,5 +31,8 @@ malwaretags = { 'locky':    [ 'ecsirt:malicious-code="ransomware"', 'misp-galaxy
 dependingtags = { 'tlp:white': [ 'circl:osint-feed' ]
                 }
 
+# Known identifiers for forwarded messages 
+forward_identifiers = { b'-------- Forwarded Message --------', b'Begin forwarded message:' }
+
 # Tags to add when hashes are found (e.g. to do automatic expansion)
 hash_only_tags = { 'TODO:VT-ENRICHMENT' }