
Using Transport Rules to Block Outbound Email to Untrustworthy Domains

Sometimes a customer needs to block their users from sending emails to domain names that they consider untrustworthy. Exchange makes this possible through the use of transport rules, also known as mail flow rules. You can use transport rules in Exchange on-premises as well as Exchange Online.

In the mail flow section of the Exchange admin center, create a new rule.


Construct a rule that will block email sent from internal senders to external recipients with addresses that match the specific domain name, or a pattern that matches a number of domain names.


Of course, this is just an example that is relevant to current events. Using mail flow rules like this is a fairly heavy-handed approach, and there are a few risks and caveats to be aware of.

  • A misconfigured transport rule could easily cause all outbound email for your organization to be rejected. Always test your transport rules in a lab first, and in production you can implement them in test mode for a period of time to assess the impact that they will have.
  • Blocking based on domain names doesn’t necessarily solve the issue of an untrusted or insecure email provider. In the case of Yahoo, there are many other domain names hosted on Yahoo email servers that a rule such as the example above will not block. And who is to say that a trusted partner’s email system hasn’t been breached by attackers already, or that confidential emails aren’t being accessed by unauthorized parties once they leave your organization?
  • Domain-based blocking could be easily bypassed by forwarding an email to another address first, such as a Gmail account, and then sending it on to Yahoo from there.
  • Where does it end? Perhaps there are many other mail services that are just as untrustworthy, but haven’t been discovered or reported yet.
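The rule described above can also be created from PowerShell, starting in test mode as the first caveat recommends. This is an added example, not taken from the original article: the rule name, the `@yahoo\.com$` pattern, the rejection text and the sample addresses are assumptions made for illustration.

```powershell
# Added example. Run in the Exchange Management Shell or an Exchange Online PowerShell session.
# Rule name, pattern, rejection text and sample addresses are constructed for illustration.
$ruleName = 'Block outbound mail to untrusted domains'
$patterns = @('@yahoo\.com$')

# Constructed sample recipients: the first must match, the others must not.
$samples = [ordered]@{
    'someone@yahoo.com'         = $true
    'someone@contoso.com'       = $false
    'yahoo.com@contoso.com'     = $false
    'someone@yahoo.com.example' = $false
}

# Local sanity check with .NET regex (an approximation of Exchange's pattern matching)
# to catch a pattern that is too broad before it can reject legitimate mail.
foreach ($address in $samples.Keys) {
    $matched = [bool]($patterns | Where-Object { $address -match $_ })
    if ($matched -ne $samples[$address]) {
        throw "Pattern check failed for $address (matched: $matched)"
    }
}

# Create the rule in test mode: matches are logged, nothing is rejected.
New-TransportRule -Name $ruleName `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -RecipientAddressMatchesPatterns $patterns `
    -RejectMessageReasonText 'Email to this domain is blocked by company policy.' `
    -Mode Audit

# Review the rule, then switch to enforcement after the test period.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode, RecipientAddressMatchesPatterns
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

While the rule is in `Audit` mode, its matches are recorded in message tracking without affecting delivery, which shows what it would have blocked before `-Mode Enforce` is applied.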

If confidentiality of email is the primary concern, consider implementing Information Rights Management instead.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.