Exchange Server 2010 allows you to restrict who can send to distribution groups. You can do this in different ways, but it is important to understand the pros and cons of each type of distribution group protection so that you choose the correct one for your situation.
Each of these methods can be implemented from any workstation or server you've installed the Exchange 2010 management tools on.
Preventing External Email to Exchange 2010 Distribution Lists
If you want to prevent any external sender from being able to send email to a distribution group you can simple enable the authentication requirement for that group. This is found in the Properties of the distribution group in the Mail Flow Settings tab under Message Delivery Restrictions.
This option is enabled by default for distribution groups created in Exchange Server 2010, but may have to be manually enabled for groups that existed before your Exchange 2010 migration occurred.
This will prevent external, unauthenticated senders from being able to send to the distribution group but may also prevent senders such as network devices or applications from sending to the list if the device or application can't perform SMTP authentication.
Restricting an Exchange 2010 Distribution List to Specific Senders
Requiring authentication for an Exchange 2010 distribution group won't prevent any authenticated senders from sending to it, for example all of the mailbox users in your organization will still be able to send. In some organizations it is desirable to restrict certain distribution groups to only certain senders.
This can be performed by configuring the Accept Messages From setting in the Message Delivery Restrictions, and specifying mail-enabled groups who are allowed to send to the list.
Outlook 2010 and OWA users will see a warning if they compose an email to a group they are restricted from sending to.
If the sender persists and sends the email anyway they will receive a non-delivery report.
#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##
Restricting distribution groups in this way gets the job done but it is an all or nothing approach. There is no scope to allow some messages from people through to the distribution list.
Moderating Exchange Server 2010 Distribution Lists
When you have a distribution group that you want everyone to be able to send to, but you want to be able to approve or reject messages on a case by case basis, you can use moderation. Moderation allows you to specify one or more mailbox users who can approve/reject emails sent to a distribution group. This is found in the Properties of the distribution group in the Mail Flow Settings tab under Message Moderation.
Outlook 2010 or OWA users will see a warning when they are composing a mail to send to moderated groups.
The moderators will then receive an Approve/Reject email in their inbox.
Moderation can lead to delivery delays while messages are approved. You can optionally configure a moderated group so that specific senders bypass the moderation requirement, so that frequent or trusted senders can send messages without any delays.
As you can see each of these methods of restricting who can send to distribution groups has its pros and cons. There is no one size fits all approach, but you should be able to find a method that works best for your specific scenario.