Using Transport Rules to Restrict Users from Sending Email to External Recipients

The first step in this method is to create a distribution group. The members of this group will be the users who are restricted from sending external emails. It does not need to be a security group, but it does need to be universal in scope.

Next, create a new Transport Rule with the following configuration.

Conditions:

  • From a member of a distribution list (and choose the distribution group you created above)
  • Sent to users that are inside or outside of the organization, or partners (and choose “Outside”)

Actions:

  • Send rejection message to sender with enhanced status code (I set the status code to 5.7.1 and configured a message such as “You are not authorized to send email to recipients outside of this organization”)

Exceptions: (optional)

  • Except when a recipient’s address matches text patterns (and add any domain names or email addresses they should still be allowed to send to)

After the new rule has taken effect, the members of that distribution group will not be able to send to external recipients, whether they use the To, CC, or BCC fields to do so. They will still be able to send to the domains or email addresses you configure as an exception to the rule. Even if the message includes other recipients that will get blocked, the permitted ones will still receive the email.
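The same group and rule can be created from the Exchange Management Shell. This is an added example, not part of the original post; the group name, rule name, member alias and exception patterns are placeholders constructed for illustration.

```powershell
# Run in the Exchange Management Shell.
# All names, aliases and addresses below are constructed placeholders.
$groupName = 'Restricted-NoExternalMail'
$ruleName  = 'Block external mail for restricted senders'

# 1. Distribution group whose members will be blocked from sending externally.
New-DistributionGroup -Name $groupName -Type Distribution

# The rule needs a universal group; GroupType should include "Universal".
Get-DistributionGroup -Identity $groupName | Format-List Name, GroupType

# 2. Add the users to restrict (placeholder alias).
Add-DistributionGroupMember -Identity $groupName -Member 'jsmith'

# 3. Transport rule mirroring the conditions, action and exception above.
$ruleParams = @{
    Name                            = $ruleName
    # Condition: from a member of the distribution group
    FromMemberOf                    = $groupName
    # Condition: sent to recipients outside the organization
    SentToScope                     = 'NotInOrganization'
    # Action: reject with an enhanced status code and explanatory text
    RejectMessageEnhancedStatusCode = '5.7.1'
    RejectMessageReasonText         = 'You are not authorized to send email to recipients outside of this organization'
    # Exception (optional): recipients that stay permitted.
    # Anchor the patterns so look-alike domains do not match.
    ExceptIfRecipientAddressMatchesPatterns = @(
        '@partner\.example$',
        '^helpdesk@vendor\.example$'
    )
}
New-TransportRule @ruleParams

# 4. Confirm the rule is enabled and carries the intended settings.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, FromMemberOf, SentToScope,
        RejectMessageEnhancedStatusCode, RejectMessageReasonText,
        ExceptIfRecipientAddressMatchesPatterns
```

After creating the rule, send a test message from a group member to an external address and confirm the sender receives the 5.7.1 rejection.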
