In some scenarios an organization will want to prevent email users from sending messages to certain external domain names.  This can be achieved with Exchange Server 2007 using a Transport Rule.

Open the Exchange Management Console and navigate to Organization Config/Hub Transport.

Block Users Sending to Specific Domains with Exchange Server 2007

Start a New Transport Rule.

Give the rule an appropriate name and description.

Block Users Sending to Specific Domains with Exchange Server 2007

Choose conditions of “From users inside the organization” and “When a message header contains specific words“.  Click on “message header” and change it to “To” (without the quotes), and then click on “specific words” and add the domain name, for example “@fabrikam” (again without quotes).

Block Users Sending to Specific Domains with Exchange Server 2007

Click Next and choose actions of “Send bounce message to sender…” and “Silently drop the message“.

Block Users Sending to Specific Domains with Exchange Server 2007

You can modify the bounce message that is sent to the sender so that they or the IT admins can easily tell why the email was rejected.

Complete the Transport Rule wizard and test the new rule by trying to send an email to that domain name.

Block Users Sending to Specific Domains with Exchange Server 2007

You should now receive a bounce message from the Exchange server with the text that you configured.

Block Users Sending to Specific Domains with Exchange Server 2007

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. steven levy

    is it possible to create a transport rule that will prevent email being sent to me from me that has not originated from my server. i seem to be receiving email from myself which is spoof

    I am using sbs 2008 with exchange 2007

    many thanks

  2. agam

    hi mr paul,

    nice tutorial i have some scenario lke this
    1. some user can send to eksternal (golbal) all domain
    2. some user can sent to spesifik domain or account mail
    3. some user can sent to our branch office

    how can i create rule in hub transport
    because when i have set like your tutorial but its not work

    can you help me
    i used exchange 2007

  3. Joe

    Stop trying to block everything. The list is too long. Second, do this on the Edge instead of the Hub if you have an Edge server.
    Use a transport rule to specify
    Conditions – When the From address contains text patterns and add .*$ (all email from something with .)
    Actions – pick your action
    Exceptions – except when From address contains text patterns – enter TLD’s you wish to accept in the format of .TLD$ i.e. .com$ (where .com is at the end of the From address)
    Done.

  4. sandip

    Great post Paul ,

    I got a strange request from the customer.

    we have accepted domains – abc.com, 123.com, xyz.com

    whereas pqr.com domain is external domain

    As per the request ,50 users with email address @abc.com should not be able to send attachments to other than abc.com, 123.com, xyz.com and pqr.com

    they can send attachments only to domains abc.com, 123.com, xyz.com , pqr.com

    I tried using transport rule but could not achieved the result

    Any help is highly appreciated

    Thanks,
    Sandip

  5. big

    I’m trying to do the opposite I would like to inform external users that my old domain is not active anymore and they have to send email to new domain.
    How can I do this? is it possible?

    1. Paul Cunningham

      Some people set up things so that anytime someone emails the old domain it sends back a notice for them to start using the new domain.

      I find that to be a horrible solution that puts the onus on the sender to make changes just for your own convenience. It also tends to create problems with automated mail systems and other scenarios where your system *always* sends that notice back regardless of whether that sender has already been notified or not. I’ve been on the bad end of that situation and its really annoying.

      The correct solution in my view is to just keep accepting email to the old addresses, but have your primary emails be the new addresses. Over time nature will take its course and fewer emails will go to the old addresses.

      If you absolutely do not want to receive email to the old domain (though I struggle to think of a valid reason for this) then the right thing to do is to hard bounce the email, eg just remove the MX records for it and the senders will receive an NDR and adjust accordingly. But again, that puts the onus on the senders to have to do something just because your company has switched domains.

      1. big

        we manage more then one domains and I have seen many changes, I have never adopted this solution for the same your reasons.
        in this case I have added, for more than a year, to the messages outgoing, a disclaimer to inform about the new domain.
        I have set on internal users the primary SMTP address with new domain.

        The internal users complain with me they are receiving just spam (to old address) general manager asked he don’t want to receive mail for old domain, especially spam report, he just want to continue inform the sender maybe one of hundreds or thousands spam it’s an order.
        Remove the MX could be a solution but the I need to inform the sender about new address.
        if you have sugest…

        1. Paul Cunningham

          If individuals no longer want their old address there’s no reason I can think of to not just remove it for that individual user.

          The spam problem should be solvable with a decent antispam product.

  6. Dinesh

    Still the user can send email to this selected email address..

    The only thing he needs to do is put any allowed address in TO and put restricted email address in CC.. Bingo..

    I have been looking for real solution that can block all emails to speceific domain either in TO or CC.. with Exchange 2010 this is easy to do..

  7. BK

    Have you found blocking BCC option?,
    I have same issue that i can’t block bcc option, i would like also to know if i can import a big list of domains that i want to block through powershell somehow

    1. Vincent Mornard

      How did you block CC and did you find a way to block bcc.
      As always, Microsoft programmers have been lazy and Mr Cunningham is unimaginative.
      “Outside the Organization” is only checking the “To” filed.

      1. Paul Cunningham

        Thanks for the feedback Vince. Given the information in the blog post above, and a little research on TechNet about transport rules, the solution is quite easily found. That is, if you apply a little imagination of your own.

        All the best.

  8. Martyn Burford

    Thank you for these notes, very useful and very clear.
    We have found that this will only block the To field and not Cc or Bcc. We have setup a new rule that blocks Cc but we are having trouble with Bcc.

Leave a Reply