When an external sender attempts to send an email message to an Office 365 group they may receive a non-delivery report (NDR).
The NDR states:
Your message couldn’t be delivered because the group you’re sending to needs to know who you are before it will accept your message. To fix this problem, as the email admin for the group to configure the group to accept messages from you.
There is additional information for email administrators:
This error occurs when the group is configured to reject email from senders outside of the group’s organization.
There is additional diagnostic info with a specific NDR status code:
Remote Server returned ‘550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group’
This type of NDR is usually caused by the setting on groups in Office 365 that controls whether people outside the organization can send email to the group. When a group is first created in Exchange Online, whether it is created manually or by a cutover/staged migration, the setting defaults to “Off”. This setting is visible in the Office 365 admin portal, in the Groups section.
Switch the setting to “On” to enable external senders to send email to the group.
You can also perform this change in PowerShell. After connecting to Exchange Online with PowerShell use the Set-DistributionGroup cmdlet to modify the setting.
PS C:\> Set-DistributionGroup teamalpha -RequireSenderAuthenticationEnabled $false
Hi, can you customise the NDR to display generic email address (e.g. Help@Mydomain.com). John
I get this error when a appication inside my org is trying to send an email to a distribution group in my org.
I do not want to let outsiders being able to send to that group.
{550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group}
Thank you Paul and RM!
Watch out since there are two ways to edit a group in Exchange 365…the newer more web 3.0 method through the upper level admin center has an extra “toggle switch” whereas the old method in the exchange admin does not include this and/or is not connected. This is going to get a lot of people for sure as they won’t know until someone complains or if they test the address… (of course mine didn’t even accept from an internal address so still have fingers crossed) Link:https://portal.office.com/adminportal/home#/groups
Updating my comment to advise that I resolved this issue, by changing Group Delivery Management settings to allow email from internal and external senders, and creating a Dynamic Distribution Group containing all internal users, and restricting senders to that list.
Hi, I am receiving this message when an internal sender, with mailbox on the same Office 365 installation, tries to email security groups from an external mail service, even though that mail service (Pardot) is listed in the domain’s SPF record.
Any ideas how to resolve that?