Problem Statement:
We came across a requirement to create a Distribution Group where -
1. Users from internal organization can send emails to this Distribution Group.
2. External Users ONLY from partner organization domain can send emails to this Distribution Group.
Distribution Groups in Exchange Online provides a functionality to restrict External Users to send emails. But here, in this case, we need to allow users from one External Domain (let's say domain is demowork.xyz) to send emails to Distribution Group.
Domain based sender filtering is NOT directly available when we create the Distribution Group, but we can achieve this requirements by creating a Transportation Rule in Exchange Online.
Resolution:
We can use Transportation Rule to restrict a Distribution Group to receive emails from internal organization and specific external domain only. Steps to create a new Distribution Group/Distribution List(DL) and configure the Transportation Rule for sender domain restriction are summarized below:
A. Create Distribution Group:
1. Login to Exchange Control Panel (ECP).
2. Navigate to "Recipients" -> "Groups".
3. Click "+" icon and select "Distribution Group".
4. Click "To create a new distribution group, click here" option (as highlighted in below screenshot) from newly opened window:
5. Populate the required information to create new group:
- Display Name: Desired Group Name (We will name this as "Helpdesk" in this example).
- Alias: Desired Group Alias Name (We will keep this as "Helpdesk" in this example).
- Email Address: Desired email address for group (In this example, it is like "helpdesk@binaryrepublik.com")
- Add Owners and Members of the group as needed.
- Select Group Membership options as needed. We will select "Closed" for both the options - (1) Choose whether owner approval is required to join the group. (2) Choose whether the group is open to leave.
- Click "Save".
6. This newly created Distribution Group by default accepts emails only from senders within organization. So, we need to apply a change for this Distribution Group to accept emails from Outside of organization. In order to enable this -
- Select this Distribution Group and Click Edit icon.
- Go to "Delivery Management" in newly opened window.
- Select "Senders inside and outside of my organization" option and click "Save".
7. Now, we have a group created that accepts emails for senders from inside and outside organization (any sender from any domain).
Now, We have to create a Transportation Rule to restrict this Distribution Group to receive emails only from senders inside organization and from specific partner domain (e.g. demowork.xyz).
B. Create Transportation Rule:
1. Go to Exchange Control Panel -> Mail Flow -> Rules.
2. Click "+" icon and select "Create a new rule".
3. Click "More Options" at bottom of the newly opened window.
4. Furnish the information to create new rule -
- Name: Meaningful name for the rule (e.g. - Helpdesk Restriction)
- Apply this rule if -> select "The message..." -> "To or Cc box contains this person".
- Select newly created DL and click OK. (In this example, we will select "Helpdesk").
- Do the following -> "Block the message..." -> "Reject the message and include an explanation". Specify the desired explanation like "This email address is only for specific people. You are not allowed to send emails to this address" and click OK.
- Click "add exception" under "except if" section.
- Select "The sender..." -> "domain is"
- Add internal organization domain (in this example, binaryrepublik.com) and partner domain (in this example, demowork.xyz) and click OK. Basically, here we need to define domains of allowed senders.
5. Click "Save".
The Distribution Group & Transportation Rule is configured.
Conclusion:
This way, using Transportation Rule, we can allow a Distribution Group in Exchange Online to receive emails only from senders of specific domain(s).